CVE-2026-0834
Severity CVSS v4.0:
HIGH
Type:
Unavailable / Other
Publication date:
21/01/2026
Last modified:
28/04/2026
Description
Logic vulnerability in TP-Link Archer C20 v5, 6.0, Archer AX53 v1.0 and TL-WR841N v13 (TDDP module) allows unauthenticated adjacent attackers to execute administrative commands including factory reset and device reboot without credentials. Attackers on the adjacent network can remotely trigger factory resets and reboots without credentials, causing configuration loss and interruption of device availability.<br />
<br />
This issue affects Archer C20 v6.0
Impact
Base Score 4.0
7.20
Severity 4.0
HIGH
Base Score 3.x
8.80
Severity 3.x
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:tp-link:archer_ax53_firmware:1.0:*:*:*:*:*:*:* | ||
| cpe:2.3:h:tp-link:archer_ax53:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:tp-link:archer_c20_firmware:6.0:*:*:*:*:*:*:* | ||
| cpe:2.3:h:tp-link:archer_c20:-:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- https://mattg.systems/posts/cve-2026-0834/
- https://www.tp-link.com/en/support/download/archer-ax53/v1/#Firmware
- https://www.tp-link.com/en/support/download/archer-c20/v5/#Firmware
- https://www.tp-link.com/en/support/download/archer-c20/v6/#Firmware
- https://www.tp-link.com/us/support/download/archer-c20/v5/#Firmware
- https://www.tp-link.com/us/support/download/tl-wr841n/v13/#Firmware
- https://www.tp-link.com/us/support/faq/4905/