Archer C64 V1 0
Monthly
Credential brute-forcing against TP-Link Archer C64 v1 routers is possible via an undocumented debug SSH service that shares credentials with the web admin interface but enforces no authentication rate-limiting. Adjacent attackers (same Wi-Fi or LAN segment) can iterate password guesses without lockout to recover the administrator password and take full control of the router. No public exploit identified at time of analysis; CVSS 4.0 base score is 8.7 (High) and a vendor patch is available.
Credential brute-forcing against TP-Link Archer C64 v1 routers is possible via an undocumented debug SSH service that shares credentials with the web admin interface but enforces no authentication rate-limiting. Adjacent attackers (same Wi-Fi or LAN segment) can iterate password guesses without lockout to recover the administrator password and take full control of the router. No public exploit identified at time of analysis; CVSS 4.0 base score is 8.7 (High) and a vendor patch is available.