CVE-2021-27210
Description
TP-Link Archer C5v firmware 1.7_181221 allows authenticated users to retrieve cleartext credentials via a crafted request to /cgi?1&5.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
TP-Link Archer C5v firmware 1.7_181221 allows authenticated users to retrieve cleartext credentials via a crafted request to /cgi?1&5.
Vulnerability
The TP-Link Archer C5v router running firmware version 1.7_181221 stores user and root credentials in cleartext. The device exposes these credentials via an improper authorization vulnerability in the CGI interface. An attacker can send the URI /cgi?1&5 with the payload [USER_CFG#0,0,0,0,0,0#0,0,0,0,0,0]0,0 to retrieve all stored credentials [1].
Exploitation
An attacker must be an authenticated user on the local network. No special privileges are required beyond authentication. The attacker sends the crafted HTTP request as described, and the device responds with cleartext credentials [1].
Impact
Successful exploitation allows the attacker to obtain all credentials stored on the device, including the root password. This can lead to full compromise of the router, enabling further attacks on the network [1].
Mitigation
As of the publication date (2021-02-13), no official patch is available. Users may consider restricting access to the router's management interface or upgrading to a newer firmware version if one is released. Check TP-Link's support page for updates [1].
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
1Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1- gokay.org/tp-links-archer-c5v-improper-authorization/mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.