CVE-2026-5039 · HIGH 8.8 · EPSS p2.9%


Description

TP-Link TL-WR841N v13 uses DES-CBC encryption in the TDDPv2 debug protocol with a cryptographic key derived from the default web management credentials, making the key predictable if the device is left in its default configuration. A network-adjacent attacker can exploit this weakness to gain unauthorized access to the protocol, read debug data, modify certain device configuration values, and trigger a device reboot, resulting in loss of integrity and a denial-of-service condition.

Scoring

CVSS 3.1: 8.8 (HIGH)
Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.13% probability of exploitation · percentile 2.9% · 2026-06-19T12:03:05Z
Published: 2026-04-23
Last modified: 2026-05-05

Underlying weaknesses · 1

CWE-1394

References

  1. https://www.tp-link.com/us/support/download/tl-wr841n/v13/#Firmware


Type: Weakness · Target: Use of Default Cryptographic Key (cwe-1394) · Confidence: 0% · Tier: live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  1. CVE: CVE-2026-0834
  2. CVE: TP-Link TL-WR841N Authentication Bypass by Spoofing Vulnerability
  3. CVE: CVE-2026-3294
  4. CVE: TP-link TL-WA855RE Missing Authentication for Critical Function Vulnerability
  5. CVE: CVE-2026-34121
  6. CVE: CVE-2026-0654

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.