Predictable Default Cryptographic Key Used for DES Encryption in TP-Link...

6.1 / 10

MEDIUM

CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N

Description

TP-Link TL-WR841N v13 uses DES-CBC encryption in the TDDPv2 debug protocol with a cryptographic key derived from default web management credentials, making the key predictable if device is left in default configuration. A network-adjacent attacker can exploit this weakness to gain unauthorized access to the protocol, read debug data, modify certain device configuration values, and trigger device reboot, resulting in loss of integrity and a denial-of-service condition.

Basic Information

ID CVE-2026-5039

Source TPLink

Published Apr 23, 2026 at 16:10

Affected Product

Vendor TP-Link Systems Inc.

Product TL-WL841N v13

Affected Versions TP-Link Systems Inc. TL-WL841N v13 0

CWE Classification

CWE-1394

References

www.tp-link.com /us/support/download/tl-wr841n/v13/

{
    "lastseen": "",
    "description": "TP-Link TL-WR841N v13 uses DES-CBC encryption in the TDDPv2 debug protocol with a cryptographic key derived from default web management credentials, making the key predictable if device is left in default configuration. A network-adjacent attacker can exploit this weakness to gain unauthorized access to the protocol, read debug data, modify certain device configuration values, and trigger device reboot, resulting in loss of integrity and a denial-of-service condition.",
    "published": "2026-04-23T16:10:13.269Z",
    "modified": "2026-04-23T16:10:13.269Z",
    "type": "cve",
    "title": "Predictable Default Cryptographic Key Used for DES Encryption in TP-Link TL-WL841N",
    "source": "TPLink",
    "references": "https://www.tp-link.com/us/support/download/tl-wr841n/v13/#Firmware",
    "id": "CVE-2026-5039",
    "bulletinFamily": "",
    "cwe": [
        "CWE-1394"
    ],
    "cvelist": null,
    "sourceData": "TP-Link Systems Inc. TL-WL841N v13 0",
    "sourceHref": "",
    "cvss": {
        "score": 6.1,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "TL-WL841N v13",
    "version": "0",
    "vendor": "TP-Link Systems Inc.",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Predictable Default Cryptographic Key Used for DES Encryption in TP-Link TL-WL841N_CVE-2026-5039