CVE-2026-1571

User-controlled input is reflected into the HTML output without proper encoding on TP-Link Archer C60 v3, allowing arbitrary JavaScript execution via a crafted URL. An attacker could run script in the device web UI context, potentially enabling credential theft, session hijacking, or unintended...

CVE-2026-1571

User-controlled input is reflected into the HTML output without proper encoding on TP-Link Archer C60 v3, allowing arbitrary JavaScript execution via a crafted URL. An attacker could run script in the device web UI context, potentially enabling credential theft, session hijacking, or unintended...

CVE-2026-1571

User-controlled input is reflected into the HTML output without proper encoding on TP-Link Archer C60 v3, allowing arbitrary JavaScript execution via a crafted URL. An attacker could run script in the device web UI context, potentially enabling credential theft, session hijacking, or unintended...

CVE-2026-1571

Affected product: TP-Link Archer C60 v3. Vulnerability: Reflected XSS where user-controlled input is reflected into HTML output without proper encoding. Root cause: input is not properly sanitized/encoded before rendering in the device web UI. Impact: Arbitrary JavaScript execution within the dev...

CVE-2026-1571 Reflected XSS Vulnerability on TP-Link Archer C60

User-controlled input is reflected into the HTML output without proper encoding on TP-Link Archer C60 v3, allowing arbitrary JavaScript execution via a crafted URL. An attacker could run script in the device web UI context, potentially enabling credential theft, session hijacking, or unintended...

TP-Link Archer C60 安全漏洞

The TP-Link Archer C60 is a wireless router produced by TP-Link Corporation. The TP-Link Archer C60 v3 has a security vulnerability. This vulnerability arises from the reflection of user inputs into the HTML output without proper encoding. This could allow for the execution of arbitrary JavaScrip...

CVE-2023-4463

A vulnerability classified as problematic was found in Poly CCX 400, CCX 600, Trio 8800 and Trio C60. This vulnerability affects unknown code of the component HTTP Header Handler. The manipulation of the argument Cookie leads to denial of service. The attack can be initiated remotely. The exploit...

CVE-2023-4468

Poly Trio 8500/8800/C60 devices are affected by CVE-2023-4468 in the Poly Lens Management Cloud Registration component, enabling missing authorization with physical access to the device. The vulnerability is described as exploitable on the physical device, with public disclosure. Connected docume...

CVE-2023-4466

CVE-2023-4466 affects Poly CCX 400/600, Trio 8800/C60 Web Interface. The vulnerability in the Web Interface enables remote manipulation that causes protection mechanism failure. No explicit patch is provided; remediation involves removing vulnerable builds from public servers. Exploit has been di...

CVE-2023-4466 Poly CCX 400/CCX 600/Trio 8800/Trio C60 Web Interface protection mechanism

A vulnerability has been found in Poly CCX 400, CCX 600, Trio 8800 and Trio C60 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Web Interface. The manipulation leads to protection mechanism failure. The attack can be launched remotely. Th...

CVE-2023-4465

The CVE-2023-4465 issue affects Poly Trio and VVX/CCX devices (e.g., Trio 8300/8500/8800, Trio C60, CCX 350/400/500/505/600/700, EDGE series, VVX 101/150/201/250/300/301/310/311/350/400/401/410/411/450/500/501/600/601). The root cause is an insufficient check in the Configuration File Import comp...

CVE-2023-4464 Poly VVX 601 Diagnostic Telnet Mode os command injection

A vulnerability, which was classified as critical, has been found in Poly Trio 8300, Trio 8500, Trio 8800, Trio C60, CCX 350, CCX 400, CCX 500, CCX 505, CCX 600, CCX 700, EDGE E100, EDGE E220, EDGE E300, EDGE E320, EDGE E350, EDGE E400, EDGE E450, EDGE E500, EDGE E550, VVX 101, VVX 150, VVX 201,...

CVE-2023-4464

CVE-2023-4464 affects Poly VVX 601 and a broad set of Poly Trio/CCX/EDGE/VVX devices. The root cause is a vulnerability in the Diagnostic Telnet Mode component that allows operating system command injection due to inadequate input handling. Exploitation is possible remotely, and public exploit/ad...

CVE-2023-4463

The CVE-2023-4463 entry affects Poly CCX 400, CCX 600, Trio 8800, and Trio C60. The vulnerability is in the HTTP Header Handler component, where manipulating the Cookie argument can cause denial of service. Exploitation can be performed remotely, and public disclosure of the exploit is noted. Con...

CVE-2023-4462

CVE-2023-4462 affects Poly Trio/CCX/VVX devices (e.g., Trio 8300/8500/8800, C60, CCX 350/400/500/505/600/700, EDGE E100/E220/E300/E320/E350/E400/E450/E500/E550, VVX series 101/150/201/250/300/301/310/311/350/400/401/410/411/450/500/501/600/601). The issue resides in the Web Configuration Applicat...

Poly Trio Security Feature Issue Vulnerability

Poly Trio is a Trio series business conference phone from Poly USA. A security signature issue vulnerability exists in Poly CCX and Trio that stems from a security signature issue vulnerability in the component Web Configuration Application. Affected products and versions: Poly CCX version 400, C...

Poly CCX and Trio Security Vulnerabilities

Poly Trio is a Trio series business conference phone from Poly USA. A security vulnerability exists in Poly CCX and Trio that stems from a denial of service DOS vulnerability in the cookie parameter of the HTTP Header Handler component. Affected products and versions: Poly CCX version 400, CCX...

Poly Trio Operating System Command Injection Vulnerability

Poly Trio is a Trio series business conference phone from Poly USA. Poly Trio has an operating system command injection vulnerability that stems from an operating system command injection vulnerability in the Diagnostic Telnet Mode component. Affected products and versions: Poly CCX version 400,...

TPLink Archer C60 1.0 Code Execution Exploit

Exploit for hardware platform in category web applications Exploit Title: UnAuthenticated Remote Code Execution at TP-Link Archer C60 Router Date: 16.07.2018 Exploit Author: Ismail Tasdelen Vendor Homepage: https://www.tp-link.com/ Hardware Link :...

TP-Link Archer C60 1.0 Code Execution

Exploit Title: UnAuthenticated Remote Code Execution at TP-Link Archer C60 Router Date: 16.07.2018 Exploit Author: Ismail Tasdelen Vendor Homepage: https://www.tp-link.com/ Hardware Link : https://www.tp-link.com/la/products/details/cat-9Archer-C60.html Hardware Version : Archer C60 v1.0 Firmware...