Overview The TP-Link Archer C50 router, which has reached End-of-Life (EOL), contains a hardcoded encryption key in its firmware, enabling decryption of sensitive configuration files. This vulnerability allows attackers to trivially access administrative credentials, Wi-Fi passwords, and other internal settings, after authentication to the device. Description A vulnerability exists in the TP-Link Archer C50 router’s firmware, where encrypted configuration files are protected using DES in ECB (Electronic Codebook) mode with a hardcoded static key. The embedded DES key is never randomized or derived per device. CVE-2025-6982 TP-Link Archer C50 router contains hardcoded DES decryption keys, which makes them vulnerable to configuration file decryption. The encryption lacks randomness and message authentication, allowing for trivial offline decryption of sensitive data. Impact Exploitation of this vulnerability may result in: Exposure of Sensitive Configuration Data Admin credentials Wireless network SSIDs and passwords Static IPs, DHCP settings, and DNS server details Network Intelligence Gathering Internal network structure Connected device roles and topology Pre-positioning for further attacks Ease of Exploitation Works on default firmware configurations Does not require the router to be actively running Primary Impact: Full authorized access to router configuration, leading to potential compromise of the connected network. Solution The CERT/CC is currently unaware of a…Read More