Home

Description

Logic vulnerability in TP-Link Archer C20 v6.0 and Archer AX53 v1.0 (TDDP module) allows unauthenticated adjacent attackers to execute administrative commands including factory reset and device reboot without credentials. Attackers on the adjacent network can remotely trigger factory resets and reboots without credentials, causing configuration loss and interruption of device availability.This issue affects Archer C20 v6.0 < V6_251031. Archer AX53 v1.0 < V1_251215

PUBLISHED Reserved 2026-01-09 | Published 2026-01-21 | Updated 2026-01-22 | Assigner TPLink




HIGH: 7.2CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N

Problem types

CWE-290 Authentication Bypass by Spoofing

Product status

Default status
unaffected

Any version before V6_251031
affected

Any version before V1_251215
affected

Credits

Matt Graham (mattg.systems) finder

References

www.tp-link.com/en/support/download/archer-c20/v6/

www.tp-link.com/en/support/download/archer-ax53/v1/

mattg.systems/posts/cve-2026-0834/

cve.org (CVE-2026-0834)

nvd.nist.gov (CVE-2026-0834)

Download JSON