OS Command Injection in TP-Link Archer AX53 dnsmasq v1.0 (before 1.7.1): CVE-2026-30818 April 2026

OS Command Injection in TP-Link Archer AX53 dnsmasq v1.0 (before 1.7.1)
CVE-2026-30818 Published on April 8, 2026

OS Command Injection Vulnerability in dnsmasq Module in TP-Link AX53
An OS command injection vulnerability in the dnsmasq module of TP-Link Archer AX53 v1.0 allows an authenticated adjacent attacker to execute arbitrary code when a specially crafted configuration file is processed due to insufficient input validation. Successful exploitation may allow the attacker to modify device configuration, access sensitive information, or further compromise system integrity. This issue affects AX53 v1.0: before 1.7.1 Build 20260213.

Weakness Type

What is a Shell injection Vulnerability?

The software constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

CVE-2026-30818 has been classified to as a Shell injection vulnerability or weakness.

Affected Versions

Before 1.7.1 Build 20260213 is affected.

OS Command Injection in TP-Link Archer AX53 dnsmasq v1.0 (before 1.7.1)CVE-2026-30818 Published on April 8, 2026

Weakness Type

What is a Shell injection Vulnerability?

Affected Versions

OS Command Injection in TP-Link Archer AX53 dnsmasq v1.0 (before 1.7.1)
CVE-2026-30818 Published on April 8, 2026