Description
Logic vulnerability in TP-Link Archer C20 v6.0 and Archer AX53 v1.0 (TDDP module) allows unauthenticated adjacent attackers to execute administrative commands including factory reset and device reboot without credentials. Attackers on the adjacent network can remotely trigger factory resets and reboots without credentials, causing configuration loss and interruption of device availability. This issue affects Archer C20 v6.0 < V6_251031 and Archer AX53 v1.0 < V1_251215.
Published: 2026-01-21
Score: 7.2 High
EPSS: < 1% Very Low
KEV: No
Impact: Unauthenticated administrative command execution
Action: Apply Firmware
AI Analysis

Impact

The vulnerability is a logic flaw in the TDDP module of TP‑Link Archer C20 v6.0 and Archer AX53 v1.0. It allows an attacker who shares an adjacent network to trigger administrative actions such as factory reset and device reboot without any credentials. The impact is loss of configuration and service interruption of the device, which can affect all devices relying on the router.

Affected Systems

Affected vendors and products are TP‑Link Systems Inc. Archer C20 firmware versions older than v6.251031 and Archer AX53 firmware versions older than v1.251215. These routers are typically used in home and small office environments and expose the TDDP service to neighboring devices.

Risk and Exploitability

The vulnerability has a CVSS score of 7.2, indicating high severity. EPSS shows a very low exploitation likelihood (<1%). It is not currently listed in the CISA KEV catalog. Based on the description, the attack vector is an unauthenticated attacker on the adjacent network segment exploiting the TDDP module without credentials, which can force factory resets and reboots, causing a denial of service and loss of configuration on the affected routers.

Generated by OpenCVE AI on April 18, 2026 at 04:13 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest firmware update from TP‑Link for Archer C20 (v6.251031 or later).
  • Apply the latest firmware update for Archer AX53 (v1.251215 or later).
  • If a firmware update is not immediately available, isolate the router from the local network or disable the TDDP service to prevent unauthenticated access.



Advisories

No advisories yet.

History

Tue, 10 Feb 2026 16:45:00 +0000

Type Values Removed Values Added
First Time appeared Tp-link archer Ax53 Firmware
Tp-link archer C20 Firmware
CPEs cpe:2.3:h:tp-link:archer_ax53:-:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:archer_c20:-:*:*:*:*:*:*:*
cpe:2.3:o:tp-link:archer_ax53_firmware:1.0:*:*:*:*:*:*:*
cpe:2.3:o:tp-link:archer_c20_firmware:6.0:*:*:*:*:*:*:*
Vendors & Products Tp-link archer Ax53 Firmware
Tp-link archer C20 Firmware
Metrics cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}


Fri, 23 Jan 2026 16:45:00 +0000

Type Values Removed Values Added
First Time appeared Tp-link
Tp-link archer Ax53
Tp-link archer C20
Vendors & Products Tp-link
Tp-link archer Ax53
Tp-link archer C20

Wed, 21 Jan 2026 21:15:00 +0000

Type Values Removed Values Added
Metrics
Values Removed: ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}
Values Added: ssvc {'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Wed, 21 Jan 2026 20:30:00 +0000

Type Values Removed Values Added
References

Wed, 21 Jan 2026 19:30:00 +0000

Type Values Removed Values Added
References
Metrics
Values Removed: cvssV4_0 {'score': 5.3, 'vector': 'CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N'}
Values Added: cvssV4_0 {'score': 7.2, 'vector': 'CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N'}


Wed, 21 Jan 2026 19:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 21 Jan 2026 18:15:00 +0000

Type Values Removed Values Added
References

Wed, 21 Jan 2026 17:30:00 +0000

Type Values Removed Values Added
Description Logic vulnerability in TP-Link Archer C20 v6.0 and Archer AX53 v1.0 (TDDP module) allows unauthenticated adjacent attackers to execute administrative commands including factory reset and device reboot without credentials. Attackers on the adjacent network can remotely trigger factory resets and reboots without credentials, causing configuration loss and interruption of device availability. This issue affects Archer C20 v6.0 < V6_251031. Archer AX53 v1.0 < V1_251215
Title Logic Vulnerability on TP-Link Archer C20 and Archer AX53
Weaknesses CWE-290
References
Metrics cvssV4_0

{'score': 5.3, 'vector': 'CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: TPLink

Published:

Updated: 2026-02-26T14:44:34.299Z

Reserved: 2026-01-09T21:48:53.385Z

Link: CVE-2026-0834

Vulnrichment

Updated: 2026-01-21T18:36:14.293Z

NVD

Status: Analyzed

Published: 2026-01-21T18:16:24.773

Modified: 2026-02-10T16:34:23.943

Link: CVE-2026-0834

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-18T04:15:05Z

Weaknesses