CVE-2026-5039 — HIGH (8.8) — White Hats Nepal

Q: How severe is CVE-2026-5039?

CVE-2026-5039 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2026-5039?

Check the references section above for vendor advisories and patch information. Affected products include: Tp-Link Tl-Wr841N Firmware, Tp-Link Tl-Wr841N.

Vulnerability Description

TP-Link TL-WR841N v13 uses DES-CBC encryption in the TDDPv2 debug protocol with a cryptographic key derived from default web management credentials, making the key predictable if device is left in default configuration. A network-adjacent attacker can exploit this weakness to gain unauthorized access to the protocol, read debug data, modify certain device configuration values, and trigger device reboot, resulting in loss of integrity and a denial-of-service condition.

CVSS Score

8.8

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Tp-Link	Tl-Wr841N Firmware	< 231120
Tp-Link	Tl-Wr841N	13.0

Related Weaknesses (CWE)

CWE-1394

References

https://www.tp-link.com/us/support/download/tl-wr841n/v13/#FirmwareProduct

FAQ

What is CVE-2026-5039?

CVE-2026-5039 is a vulnerability with a CVSS score of 8.8 (HIGH). TP-Link TL-WR841N v13 uses DES-CBC encryption in the TDDPv2 debug protocol with a cryptographic key derived from default web management credentials, making the key predictable if device is left in def...

How severe is CVE-2026-5039?

CVE-2026-5039 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2026-5039?

Check the references section above for vendor advisories and patch information. Affected products include: Tp-Link Tl-Wr841N Firmware, Tp-Link Tl-Wr841N.