CVE-2026-0834 HIGH

CVE-2026-0834: Logic Vulnerability on TP-Link Archer C20, Archer AX53 and TL-WR841N v13

Vendor Tp-Link Systems Inc.
Product Archer C20 v6.0, Archer AX53 v1.0
Weakness CWE-290
Published January 21, 2026
Last update April 28, 2026

CVSS base score

7.2/10
Attack vector Adjacent
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N

What the vulnerability does

01Description

Logic vulnerability in TP-Link Archer C20 v5, 6.0, Archer AX53 v1.0 and TL-WR841N v13 (TDDP module) allows unauthenticated adjacent attackers to execute administrative commands including factory reset and device reboot without credentials. Attackers on the adjacent network can remotely trigger factory resets and reboots without credentials, causing configuration loss and interruption of device availability. This issue affects Archer C20 v6.0 < V6_251031, Archer C20 v5 <EU_V5_260317 or < US_V5_260419 Archer AX53 v1.0 < V1_251215 TL-WR841N v13 < 0.9.1 Build 20231120 Rel.62366

Key dates

02Disclosure timeline

January 21, 2026 CVE published
April 28, 2026 Record updated