Multiple Critical Vulnerabilities Disclosed in TP‑Link Archer AX53 Router, Adobe Photoshop, OpenVPN, and Norton VPN
What Happened – Cisco Talos’ research team reported eight high‑severity flaws in the TP‑Link Archer AX53 Wi‑Fi router and one each in Adobe Photoshop, OpenVPN, and Gen Digital’s Norton VPN. All vendor patches are now available except for the Norton VPN issue, which was discovered in‑use before a fix existed.
Why It Matters for TPRM
- Remote code execution (RCE) and command‑injection bugs can be leveraged to compromise third‑party network infrastructure.
- Unpatched VPN components expose downstream customers to lateral movement and data exfiltration.
- Failure to apply patches promptly creates compliance gaps for organizations that rely on these products.
Who Is Affected – Consumer‑grade networking (SMBs, remote‑work sites), enterprise IT departments, design studios using Photoshop, and any organization that deploys OpenVPN or Norton VPN for remote access.
Recommended Actions
- Verify that all TP‑Link Archer AX53 devices are running firmware 1.3.1 Build 20241120 rel.54901 or later.
- Deploy Adobe Photoshop, OpenVPN, and Norton VPN updates immediately; monitor vendor advisories for the pending Norton patch.
- Enable Talos‑provided Snort rules to detect exploitation attempts.
- Re‑assess third‑party risk scores for vendors supplying the affected products.
Technical Notes –
- TP‑Link: CVE‑2026‑30814 (stack buffer overflow), CVE‑2026‑30815‑30818 (OS command injection), CVE‑2026‑30816‑30819 (file‑read/command‑injection via OpenVPN and dnsmasq scripts). Exploitation requires crafted network packets or malicious configuration files.
- Adobe Photoshop: Remote code execution via malformed image parsing (CVE‑2026‑30901).
- OpenVPN: Authentication bypass via crafted config restore values (CVE‑2026‑30902).
- Norton VPN: Information‑leak vulnerability (CVE‑2026‑30903) currently unpatched.
Source: Cisco Talos Blog – TP‑Link, Photoshop, OpenVPN, Norton VPN vulnerabilities