CVE-2026-0834: CWE-290 Authentication Bypass by Spoofing in TP-Link Systems Inc. Archer C20 v6.0, Archer AX53 v1.0
Logic vulnerability in TP-Link Archer C20 v5, 6.0, Archer AX53 v1.0 and TL-WR841N v13 (TDDP module) allows unauthenticated adjacent attackers to execute administrative commands including factory reset and device reboot without credentials. Attackers on the adjacent network can remotely trigger factory resets and reboots without credentials, causing configuration loss and interruption of device availability. This issue affects Archer C20 v6.0 < V6_251031, Archer C20 v5 <EU_V5_260317 or < US_V5_260419 Archer AX53 v1.0 < V1_251215 TL-WR841N v13 < 0.9.1 Build 20231120 Rel.62366
AI Analysis
Technical Summary
CVE-2026-0834 is an authentication bypass vulnerability (CWE-290) affecting TP-Link Archer C20 v5 and v6.0, Archer AX53 v1.0, and TL-WR841N v13 devices. Due to a logic flaw in the TDDP module, unauthenticated attackers on the adjacent network can remotely execute administrative commands including factory reset and reboot without needing credentials. This vulnerability affects firmware versions prior to V6_251031 for Archer C20 v6.0, EU_V5_260317 or US_V5_260419 for Archer C20 v5, V1_251215 for Archer AX53 v1.0, and 0.9.1 Build 20231120 Rel.62366 for TL-WR841N v13. The CVSS 4.0 vector indicates the attack requires adjacent network access, has low complexity, no privileges or user interaction, but results in high impact on integrity and availability.
Potential Impact
Successful exploitation allows unauthenticated adjacent attackers to perform administrative actions such as factory reset and reboot on affected devices. This leads to loss of device configuration and interruption of device availability, potentially disrupting network operations relying on these devices.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. No official patch or fix information is provided in the available data. Until a patch is available, restrict access to the adjacent network to trusted users only and monitor for unusual device resets or reboots.
CVE-2026-0834: CWE-290 Authentication Bypass by Spoofing in TP-Link Systems Inc. Archer C20 v6.0, Archer AX53 v1.0
Description
Logic vulnerability in TP-Link Archer C20 v5, 6.0, Archer AX53 v1.0 and TL-WR841N v13 (TDDP module) allows unauthenticated adjacent attackers to execute administrative commands including factory reset and device reboot without credentials. Attackers on the adjacent network can remotely trigger factory resets and reboots without credentials, causing configuration loss and interruption of device availability. This issue affects Archer C20 v6.0 < V6_251031, Archer C20 v5 <EU_V5_260317 or < US_V5_260419 Archer AX53 v1.0 < V1_251215 TL-WR841N v13 < 0.9.1 Build 20231120 Rel.62366
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
CVE-2026-0834 is an authentication bypass vulnerability (CWE-290) affecting TP-Link Archer C20 v5 and v6.0, Archer AX53 v1.0, and TL-WR841N v13 devices. Due to a logic flaw in the TDDP module, unauthenticated attackers on the adjacent network can remotely execute administrative commands including factory reset and reboot without needing credentials. This vulnerability affects firmware versions prior to V6_251031 for Archer C20 v6.0, EU_V5_260317 or US_V5_260419 for Archer C20 v5, V1_251215 for Archer AX53 v1.0, and 0.9.1 Build 20231120 Rel.62366 for TL-WR841N v13. The CVSS 4.0 vector indicates the attack requires adjacent network access, has low complexity, no privileges or user interaction, but results in high impact on integrity and availability.
Potential Impact
Successful exploitation allows unauthenticated adjacent attackers to perform administrative actions such as factory reset and reboot on affected devices. This leads to loss of device configuration and interruption of device availability, potentially disrupting network operations relying on these devices.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. No official patch or fix information is provided in the available data. Until a patch is available, restrict access to the adjacent network to trusted users only and monitor for unusual device resets or reboots.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- TPLink
- Date Reserved
- 2026-01-09T21:48:53.385Z
- Cvss Version
- 4.0
- State
- PUBLISHED
Threat ID: 697119084623b1157ce32430
Added to database: 1/21/2026, 6:20:56 PM
Last enriched: 4/30/2026, 3:05:43 AM
Last updated: 5/10/2026, 12:30:09 PM
Views: 217
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.