Skip to main content

Archer C20 V5

1 CVEs product

Monthly

CVE-2026-11834 HIGH PATCH This Week

Command injection in TP-Link Archer and TL-MR series routers allows an adjacent unauthenticated attacker on the same broadcast domain to execute arbitrary commands with elevated privileges by supplying crafted DHCP option responses. The flaw resides in DHCP client option processing during device initialization and is most reliably triggered when the router is in factory-default or unconfigured state. No public exploit identified at time of analysis, but the vendor (TP-Link) has confirmed the issue and released firmware patches.

Command Injection TP-Link Archer Mr200 V07 Archer Mr200 V8 Archer Mr402 V1 +4
NVD VulDB
CVSS 4.0
8.7
EPSS
0.4%
EPSS 0% CVSS 8.7
HIGH PATCH This Week

Command injection in TP-Link Archer and TL-MR series routers allows an adjacent unauthenticated attacker on the same broadcast domain to execute arbitrary commands with elevated privileges by supplying crafted DHCP option responses. The flaw resides in DHCP client option processing during device initialization and is most reliably triggered when the router is in factory-default or unconfigured state. No public exploit identified at time of analysis, but the vendor (TP-Link) has confirmed the issue and released firmware patches.

Command Injection TP-Link Archer Mr200 V07 +6
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy