search menu icon-carat-right cmu-wordmark
Carnegie Mellon University

Software Engineering Institute

CERT Coordination Center

TP-Link Archer C50 router is vulnerable to configuration-file decryption

Vulnerability Note VU#554637

Original Release Date: 2025-07-29 | Last Revised: 2025-08-04

Overview

The TP-Link Archer C50 router, which has reached End-of-Life (EOL), contains a hardcoded encryption key in its firmware, enabling decryption of sensitive configuration files. This vulnerability allows attackers to trivially access administrative credentials, Wi-Fi passwords, and other internal settings, after authentication to the device.

Description

A vulnerability exists in the TP-Link Archer C50 router’s firmware, where encrypted configuration files are protected using DES in ECB (Electronic Codebook) mode with a hardcoded static key. The embedded DES key is never randomized or derived per device.

CVE-2025-6982 TP-Link Archer C50 router contains hardcoded DES decryption keys, which makes them vulnerable to configuration file decryption.

The encryption lacks randomness and message authentication, allowing for trivial offline decryption of sensitive data.

Impact

Exploitation of this vulnerability may result in:

Exposure of Sensitive Configuration Data

  • Admin credentials
  • Wireless network SSIDs and passwords
  • Static IPs, DHCP settings, and DNS server details

Network Intelligence Gathering

  • Internal network structure
  • Connected device roles and topology
  • Pre-positioning for further attacks

Ease of Exploitation

  • Works on default firmware configurations
  • Does not require the router to be actively running Primary Impact: Full authorized access to router configuration, leading to potential compromise of the connected network.

Solution

The CERT/CC is currently unaware of a practical solution to this problem. Note: The TP-Link Archer C50 has reached End-of-Life (EOL) and no longer receives firmware updates or security support from the vendor.

Users are strongly advised to:

  • Retire and replace the Archer C50 with a supported router model
  • Avoid using devices with known cryptographic flaws
  • Secure or delete any exported configuration files
  • Change passwords if configuration files were exposed or restored from backup

Acknowledgements

Thanks to the researchers Sushant Mane, Jai Bhortake, and Dr. Faruk Kazi from CoE - CNDS Lab, VJTI, Mumbai, India. This document was written by Timur Snoke.

Vendor Information

554637
 
Expand all

TP-LINK Affected

Notified:  2025-03-13 Updated: 2025-07-29

Statement Date:   July 17, 2025

CVE-2025-6982 Affected

Vendor Statement

We have not received a statement from the vendor.


References

Other Information

CVE IDs: CVE-2025-6982
API URL: VINCE JSON | CSAF
Date Public: 2025-07-29
Date First Published: 2025-07-29
Date Last Updated: 2025-08-04 15:49 UTC
Document Revision: 2

Sponsored by CISA.

Download PGP Key

Read CERT/CC Blog

Learn about Vulnerability Analysis