TP-Link Archer C20 - Authentication Bypass

A vulnerability in the TP-Link Archer C20 router with firmware version V6.6230412 and earlier permits unauthorized individuals to bypass authentication on interfaces under the /cgi directory. When adding a Referer header with value "http://tplinkwifi.net" to requests, the router will recognize th...

TP-Link WR841N Router multiple vulnerabilities

RISK EVALUATION Multiple TP-Link products TP-Link Archer C20 V5, Archer C20 6.0, Archer AX53 v1.0 and TL-WR841N v13 are affected by multiple vulnerabilities. The most severe of these vulnerabilities could allow an adjacent, unauthenticated attacker to execute administrative commands. 2...

CVE-2025-15551 LAN Code Execution on TP-Link Archer MR200, Archer C20, TL-WR850N and TL-WR845N

The response coming from TP-Link Archer MR200 v5.2, C20 v5 and v6, TL-WR850N v3, and TL-WR845N v4 for any request is getting executed by the JavaScript function like eval directly without any check. Attackers can exploit this vulnerability via a Man-in-the-Middle MitM attack to execute JavaScript...

CVE-2026-0834

Logic vulnerability in TP-Link Archer C20 v5, 6.0, Archer AX53 v1.0 and TL-WR841N v13 TDDP module allows unauthenticated adjacent attackers to execute administrative commands including factory reset and device reboot without credentials. Attackers on the adjacent network can remotely trigger...

CVE-2026-0834

Logic vulnerability in TP-Link Archer C20 v6.0 and Archer AX53 v1.0 TDDP module allows unauthenticated adjacent attackers to execute administrative commands including factory reset and device reboot without credentials. Attackers on the adjacent network can remotely trigger factory resets and...

CVE-2026-0834

Logic vulnerability in TP-Link Archer C20 v5, 6.0, Archer AX53 v1.0 and TL-WR841N v13 TDDP module allows unauthenticated adjacent attackers to execute administrative commands including factory reset and device reboot without credentials. Attackers on the adjacent network can remotely trigger...

CVE-2026-0834 Logic Vulnerability on TP-Link Archer C20, Archer AX53 and TL-WR841N v13

Logic vulnerability in TP-Link Archer C20 v5, 6.0, Archer AX53 v1.0 and TL-WR841N v13 TDDP module allows unauthenticated adjacent attackers to execute administrative commands including factory reset and device reboot without credentials. Attackers on the adjacent network can remotely trigger...

CVE-2026-0834 Logic Vulnerability on TP-Link Archer C20, Archer AX53 and TL-WR841N v13

Logic vulnerability in TP-Link Archer C20 v5, 6.0, Archer AX53 v1.0 and TL-WR841N v13 TDDP module allows unauthenticated adjacent attackers to execute administrative commands including factory reset and device reboot without credentials. Attackers on the adjacent network can remotely trigger...

EUVD-2026-3601

Logic vulnerability in TP-Link Archer C20 v6.0 and Archer AX53 v1.0 TDDP module allows unauthenticated adjacent attackers to execute administrative commands including factory reset and device reboot without credentials. Attackers on the adjacent network can remotely trigger factory resets and...

CVE-2026-0834

Logic vulnerability in TP-Link Archer C20 v5, 6.0, Archer AX53 v1.0 and TL-WR841N v13 TDDP module allows unauthenticated adjacent attackers to execute administrative commands including factory reset and device reboot without credentials. Attackers on the adjacent network can remotely trigger...

CVE-2026-0834

CVE-2026-0834 affects TP-Link Archer C20 v6.0 (firmware before V6_251031) and Archer AX53 v1.0 (firmware before V1_251215) via the TDDP module. A logic vulnerability allows unauthenticated adjacent attackers to remotely execute administrative commands, including factory reset and device reboot, w...

PT-2026-3791

Name of the Vulnerable Software and Affected Versions TP-Link Archer C20 versions prior to V6 251031 TP-Link Archer AX53 version prior to V1 251215 Description A logic issue exists in the TDDP module of TP-Link Archer C20 v6.0 and Archer AX53 v1.0. An unauthenticated attacker on an adjacent netwo...

TP-LINK Archer C20 security vulnerabilities

The TP-LINK Archer C20 is a router produced by the TP-LINK company. Versions of the TP-LINK Archer C20 prior to v6.0 version number: 6251031 and the TP-Link Archer AX53 prior to version 1.0 version number: 1251215 contained security vulnerabilities. These vulnerabilities were due to logical flaws...

CVE-2023-31188

Multiple TP-LINK products allow a network-adjacent authenticated attacker to execute arbitrary OS commands. Affected products/versions are as follows: Archer C50 firmware versions prior to 'Archer C50JPV3230505', Archer C55 firmware versions prior to 'Archer C55JPV1230506', and Archer C20 firmwar...

EUVD-2023-41191

Malicious code in bioql PyPI...

CVE-2023-37284

Improper authentication vulnerability in Archer C20 firmware versions prior to 'Archer C20JPV1230616' allows a network-adjacent unauthenticated attacker to execute an arbitrary OS command via a crafted request to bypass authentication...

CVE-2023-30383

TP-LINK Archer C50v2 Archer C50USV2160801, TP-LINK Archer C20v1 ArcherC20V1150707, and TP-LINK Archer C2v1 ArcherC2USV1170228 were discovered to contain a buffer overflow which may lead to a Denial of Service DoS when parsing crafted data...

The vulnerability of TP-Link Archer c20 router’s microprogramming software, related to deficiencies in authentication procedures, allows attackers to circumvent existing security restrictions.

The vulnerability of TP-Link Archer c20 router’s microprogramming software is related to deficiencies in authentication procedures. Exploiting this vulnerability allows a malicious actor to circumvent existing security restrictions by adding the parameter “Referer: http://tplinkwifi.net” to the...

CVE-2024-57049

A vulnerability in the TP-Link Archer c20 router with firmware version V6.6230412 and earlier permits unauthorized individuals to bypass the authentication of some interfaces under the /cgi directory. When adding Referer: http://tplinkwifi.net to the the request, it will be recognized as passing...

CVE-2024-57049

A vulnerability in the TP-Link Archer c20 router with firmware version V6.6230412 and earlier permits unauthorized individuals to bypass the authentication of some interfaces under the /cgi directory. When adding Referer: http://tplinkwifi.net to the the request, it will be recognized as passing...