CVSS Vector (NVD)
CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description (NVD)
Due to improper enforcement of authentication rate-limiting on a debug SSH service in Archer C64 v1, the SSH service allows unlimited authentication attempts and uses the same credentials as the web interface. This enables an attacker to brute-force valid credentials via SSH.
Successful exploitation could allow an attacker with adjacent network access to obtain administrative credentials through unrestricted authentication attempts and subsequently gain full administrative access to the device, impacting system confidentiality, integrity, and availability.
Analysis (AI)
Credential brute-forcing against TP-Link Archer C64 v1 routers is possible via an undocumented debug SSH service that shares credentials with the web admin interface but enforces no authentication rate-limiting. Adjacent attackers (same Wi-Fi or LAN segment) can iterate password guesses without lockout to recover the administrator password and take full control of the router. …
Remediation (AI)
Within 24 hours: Inventory all TP-Link Archer C64 v1 units deployed in your environment and contact TP-Link to obtain the specific patch version referenced in their advisory. Within 7 days: Deploy the available patch to all identified units; if immediate patching is operationally infeasible, restrict SSH access via firewall rules to trusted management subnets only. …
EUVD-2026-32929
GHSA-f294-r353-6vv8