TP-Link CVE-2026-0834
HIGHCVSS VectorNVD
CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
4DescriptionNVD
Logic vulnerability in TP-Link Archer C20 v6.0 and Archer AX53 v1.0 (TDDP module) allows unauthenticated adjacent attackers to execute administrative commands including factory reset and device reboot without credentials. Attackers on the adjacent network can remotely trigger factory resets and reboots without credentials, causing configuration loss and interruption of device availability.This issue affects Archer C20 v6.0 < V6_251031.
Archer AX53 v1.0 <
V1_251215
AnalysisAI
Unauthenticated adjacent network attackers can exploit a logic vulnerability in the TDDP module of TP-Link Archer C20 v6.0 and Archer AX53 v1.0 to execute administrative commands such as factory reset and device reboot without credentials. This allows attackers to cause loss of device configuration and service disruption on vulnerable routers. …
Sign in for full analysis, threat intelligence, and remediation guidance.
RemediationAI
Within 7 days: Identify all affected systems running TP-Link Archer C20 and apply vendor patches promptly. Monitor vendor channels for patch availability.
Sign in for detailed remediation steps.
More from same product – last 7 days
An authentication logic vulnerability in multiple TP-Link range extenders allows an unauthenticated attacker on an adjac
Cleartext Bluetooth transmission in TP-Link Tapo L535E, P300, and D100C devices allows adjacent attackers to intercept a
Share
External POC / Exploit Code
Leaving vuln.today