Skip to main content

Archer C64 V1 0

1 CVEs product

Monthly

CVE-2026-8697 HIGH PATCH This Week

Credential brute-forcing against TP-Link Archer C64 v1 routers is possible via an undocumented debug SSH service that shares credentials with the web admin interface but enforces no authentication rate-limiting. Adjacent attackers (same Wi-Fi or LAN segment) can iterate password guesses without lockout to recover the administrator password and take full control of the router. No public exploit identified at time of analysis; CVSS 4.0 base score is 8.7 (High) and a vendor patch is available.

Information Disclosure Archer C64 V1 0
NVD VulDB
CVSS 4.0
8.7
EPSS
0.0%
EPSS 0% CVSS 8.7
HIGH PATCH This Week

Credential brute-forcing against TP-Link Archer C64 v1 routers is possible via an undocumented debug SSH service that shares credentials with the web admin interface but enforces no authentication rate-limiting. Adjacent attackers (same Wi-Fi or LAN segment) can iterate password guesses without lockout to recover the administrator password and take full control of the router. No public exploit identified at time of analysis; CVSS 4.0 base score is 8.7 (High) and a vendor patch is available.

Information Disclosure Archer C64 V1 0
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy