FKIE_CVE-2026-0834

Vulnerability from fkie_nvd - Published: 2026-01-21 18:16 - Updated: 2026-04-23 18:16
Severity ?
8.8 (High) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Logic vulnerability in TP-Link Archer C20 v5, 6.0, Archer AX53 v1.0 and TL-WR841N v13 (TDDP module) allows unauthenticated adjacent attackers to execute administrative commands including factory reset and device reboot without credentials. Attackers on the adjacent network can remotely trigger factory resets and reboots without credentials, causing configuration loss and interruption of device availability.This issue affects Archer C20 v6.0 < V6_251031, Archer C20 v5 <EU_V5_260317 or < US_V5_260419 Archer AX53 v1.0 < V1_251215 TL-WR841N v13 < 0.9.1 Build 20231120 Rel.62366
References
f23511db-6c3e-4e32-a477-6aa17d310630https://mattg.systems/posts/cve-2026-0834/Permissions Required
f23511db-6c3e-4e32-a477-6aa17d310630https://www.tp-link.com/en/support/download/archer-ax53/v1/#FirmwareProduct
f23511db-6c3e-4e32-a477-6aa17d310630https://www.tp-link.com/en/support/download/archer-c20/v5/#Firmware
f23511db-6c3e-4e32-a477-6aa17d310630https://www.tp-link.com/en/support/download/archer-c20/v6/#FirmwareProduct
f23511db-6c3e-4e32-a477-6aa17d310630https://www.tp-link.com/us/support/download/archer-c20/v5/#Firmware
f23511db-6c3e-4e32-a477-6aa17d310630https://www.tp-link.com/us/support/download/tl-wr841n/v13/#Firmware
f23511db-6c3e-4e32-a477-6aa17d310630https://www.tp-link.com/us/support/faq/4905/
Impacted products
Vendor Product Version
tp-link archer_ax53_firmware 1.0
tp-link archer_ax53 -
tp-link archer_c20_firmware 6.0
tp-link archer_c20 -
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:tp-link:archer_ax53_firmware:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8C762E60-933C-4B61-84D1-0A6FE4D5E08E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:tp-link:archer_ax53:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "394AAF99-8784-4872-8EED-A12B97C575E4",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:tp-link:archer_c20_firmware:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E36B6485-1C16-4FC9-B5ED-3B0D5FC9B16B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:tp-link:archer_c20:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4FFFAF05-D4CE-454A-B830-7899CAFC8ED0",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Logic vulnerability in TP-Link Archer C20 v5, 6.0, Archer AX53 v1.0 and TL-WR841N v13 (TDDP module) allows unauthenticated adjacent attackers to execute administrative commands including factory reset and device reboot without credentials.\u00a0Attackers on the adjacent network can remotely trigger factory resets and reboots without credentials, causing configuration loss and interruption of device availability.This issue affects Archer C20 v6.0 \u003c V6_251031, Archer C20 v5 \u003cEU_V5_260317 or \u003c\u00a0US_V5_260419\n\n\nArcher AX53 v1.0 \u003c \n\nV1_251215\n\nTL-WR841N v13 \u003c\u00a00.9.1 Build 20231120 Rel.62366"
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad l\u00f3gica en TP-Link Archer C20 v6.0 y Archer AX53 v1.0 (m\u00f3dulo TDDP) permite a atacantes adyacentes no autenticados ejecutar comandos administrativos incluyendo restablecimiento de f\u00e1brica y reinicio del dispositivo sin credenciales. Atacantes en la red adyacente pueden activar de forma remota restablecimientos de f\u00e1brica y reinicios sin credenciales, causando p\u00e9rdida de configuraci\u00f3n e interrupci\u00f3n de la disponibilidad del dispositivo. Este problema afecta a Archer C20 v6.0 \u0026lt; V6_251031.\n\nArcher AX53 v1.0 \u0026lt; V1_251215"
    }
  ],
  "id": "CVE-2026-0834",
  "lastModified": "2026-04-23T18:16:23.310",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "ADJACENT_NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ],
    "cvssMetricV40": [
      {
        "cvssData": {
          "Automatable": "NOT_DEFINED",
          "Recovery": "NOT_DEFINED",
          "Safety": "NOT_DEFINED",
          "attackComplexity": "LOW",
          "attackRequirements": "NONE",
          "attackVector": "ADJACENT",
          "availabilityRequirement": "NOT_DEFINED",
          "baseScore": 7.2,
          "baseSeverity": "HIGH",
          "confidentialityRequirement": "NOT_DEFINED",
          "exploitMaturity": "NOT_DEFINED",
          "integrityRequirement": "NOT_DEFINED",
          "modifiedAttackComplexity": "NOT_DEFINED",
          "modifiedAttackRequirements": "NOT_DEFINED",
          "modifiedAttackVector": "NOT_DEFINED",
          "modifiedPrivilegesRequired": "NOT_DEFINED",
          "modifiedSubAvailabilityImpact": "NOT_DEFINED",
          "modifiedSubConfidentialityImpact": "NOT_DEFINED",
          "modifiedSubIntegrityImpact": "NOT_DEFINED",
          "modifiedUserInteraction": "NOT_DEFINED",
          "modifiedVulnAvailabilityImpact": "NOT_DEFINED",
          "modifiedVulnConfidentialityImpact": "NOT_DEFINED",
          "modifiedVulnIntegrityImpact": "NOT_DEFINED",
          "privilegesRequired": "NONE",
          "providerUrgency": "NOT_DEFINED",
          "subAvailabilityImpact": "NONE",
          "subConfidentialityImpact": "NONE",
          "subIntegrityImpact": "NONE",
          "userInteraction": "NONE",
          "valueDensity": "NOT_DEFINED",
          "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
          "version": "4.0",
          "vulnAvailabilityImpact": "HIGH",
          "vulnConfidentialityImpact": "LOW",
          "vulnIntegrityImpact": "HIGH",
          "vulnerabilityResponseEffort": "NOT_DEFINED"
        },
        "source": "f23511db-6c3e-4e32-a477-6aa17d310630",
        "type": "Secondary"
      }
    ]
  },
  "published": "2026-01-21T18:16:24.773",
  "references": [
    {
      "source": "f23511db-6c3e-4e32-a477-6aa17d310630",
      "tags": [
        "Permissions Required"
      ],
      "url": "https://mattg.systems/posts/cve-2026-0834/"
    },
    {
      "source": "f23511db-6c3e-4e32-a477-6aa17d310630",
      "tags": [
        "Product"
      ],
      "url": "https://www.tp-link.com/en/support/download/archer-ax53/v1/#Firmware"
    },
    {
      "source": "f23511db-6c3e-4e32-a477-6aa17d310630",
      "url": "https://www.tp-link.com/en/support/download/archer-c20/v5/#Firmware"
    },
    {
      "source": "f23511db-6c3e-4e32-a477-6aa17d310630",
      "tags": [
        "Product"
      ],
      "url": "https://www.tp-link.com/en/support/download/archer-c20/v6/#Firmware"
    },
    {
      "source": "f23511db-6c3e-4e32-a477-6aa17d310630",
      "url": "https://www.tp-link.com/us/support/download/archer-c20/v5/#Firmware"
    },
    {
      "source": "f23511db-6c3e-4e32-a477-6aa17d310630",
      "url": "https://www.tp-link.com/us/support/download/tl-wr841n/v13/#Firmware"
    },
    {
      "source": "f23511db-6c3e-4e32-a477-6aa17d310630",
      "url": "https://www.tp-link.com/us/support/faq/4905/"
    }
  ],
  "sourceIdentifier": "f23511db-6c3e-4e32-a477-6aa17d310630",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-290"
        }
      ],
      "source": "f23511db-6c3e-4e32-a477-6aa17d310630",
      "type": "Secondary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.