Cisco Talos' Vulnerability Discovery & Research team identified eight vulnerabilities in the TP-Link Archer AX53 router firmware version 1.3.1 Build 20241120 rel.54901(5553), including a stack-based buffer overflow (CVE-2026-30814), multiple OS command injection vulnerabilities in OpenVPN configuration restore scripts and dnsmasq configuration (CVE-2026-30815 to CVE-2026-30819), and arbitrary file reading issues. Adobe Photoshop installer (version 2.11.0.30) has a privilege escalation vulnerability during installation via the Microsoft Store (CVE-2026-34632). OpenVPN versions 2.6.x and 2.8_git are affected by a reachable assertion vulnerability (CVE-2026-35058) that can cause denial of service. Gen Digital's Norton VPN installer has a privilege escalation vulnerability (CVE-2025-58074) allowing low-privilege users to replace files during installation, potentially deleting arbitrary files. All vulnerabilities have been patched by their respective vendors except the Norton VPN vulnerability, which was discovered in-use before a patch was available.

Successful exploitation of the TP-Link vulnerabilities could lead to arbitrary code execution, arbitrary command execution, or arbitrary file reading on the affected router. Adobe Photoshop and Norton VPN installation vulnerabilities could allow low-privilege users to escalate privileges during installation, potentially leading to unauthorized file deletion or elevated system access. The OpenVPN vulnerability could cause denial of service by crashing the service. No known exploits are reported in the wild. The Norton VPN vulnerability was discovered before a patch was available, indicating a potential window of exposure prior to remediation.

All affected vendors have released patches for these vulnerabilities except for Norton VPN, which was discovered in-use before a patch was available. Users and administrators should apply the official patches from TP-Link, Adobe, and OpenVPN immediately to mitigate these risks. For Norton VPN, monitor vendor advisories closely for patch releases and apply them promptly once available. Snort rule sets have been updated to detect exploitation attempts; deploying these IDS signatures can provide additional detection capability.