Description
Logic vulnerability in TP-Link Archer C20 v5, 6.0, Archer AX53 v1.0 and TL-WR841N v13 (TDDP module) allows unauthenticated adjacent attackers to execute administrative commands including factory reset and device reboot without credentials. Attackers on the adjacent network can remotely trigger factory resets and reboots without credentials, causing configuration loss and interruption of device availability.

This issue affects:

  • Archer C20 v6.0 < V6_251031
  • Archer C20 v5 < EU_V5_260317 or < US_V5_260419
  • Archer AX53 v1.0 < V1_251215
  • TL-WR841N v13 < 0.9.1 Build 20231120 Rel.62366

Published: 2026-01-21
Score: 7.2 High
EPSS: < 1% Very Low
KEV: No
Impact: Unauthenticated administrative command execution
Action: Apply Firmware
AI Analysis

Impact

The vulnerability is a logic flaw in the TDDP module of TP‑Link Archer C20, Archer AX53, and TL‑WR841N routers, allowing unauthenticated adjacent attackers to trigger administrative actions such as factory reset and device reboot without any credentials. This results in loss of configuration and interruption of device availability. The affected firmware releases include Archer C20 v6.0 firmware older than V6_251031, Archer C20 v5 firmware older than EU_V5_260317 or US_V5_260419, and Archer AX53 v1.0 firmware older than V1_251215.

Affected Systems

Affected vendors and products are TP‑Link Systems Inc. Archer C20 firmware versions older than v6.251031, older than EU_V5_260317 or US_V5_260419 for the v5 line, and Archer AX53 firmware versions older than v1.251215. These routers are typically used in home and small office environments and expose the TDDP service to neighboring devices.

Risk and Exploitability

The vulnerability has a CVSS score of 7.2, indicating high severity. EPSS shows a very low exploitation likelihood (<1%). It is not currently listed in the CISA KEV catalog. Based on the description, the attack vector is an unauthenticated attacker on the adjacent network segment exploiting the TDDP module without credentials, which can force factory resets and reboots, causing a denial of service and loss of configuration on the affected routers.

Generated by OpenCVE AI on April 29, 2026 at 00:59 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest firmware update from TP‑Link for Archer C20 (v6.251031 or later).
  • Apply the latest firmware update for Archer AX53 (v1.251215 or later).
  • If a firmware update is not immediately available, isolate the router from the local network or disable the TDDP service to prevent unauthenticated access.

Advisories

No advisories yet.

History

Tue, 28 Apr 2026 19:15:00 +0000

Type Values Removed Values Added
Description
  Values Removed: Logic vulnerability in TP-Link Archer C20 v5, 6.0, Archer AX53 v1.0 and TL-WR841N v13 (TDDP module) allows unauthenticated adjacent attackers to execute administrative commands including factory reset and device reboot without credentials. Attackers on the adjacent network can remotely trigger factory resets and reboots without credentials, causing configuration loss and interruption of device availability.This issue affects Archer C20 v6.0 < V6_251031, Archer C20 v5 <EU_V5_260317 or < US_V5_260419 Archer AX53 v1.0 < V1_251215 TL-WR841N v13 < 0.9.1 Build 20231120 Rel.62366
  Values Added: Logic vulnerability in TP-Link Archer C20 v5, 6.0, Archer AX53 v1.0 and TL-WR841N v13 (TDDP module) allows unauthenticated adjacent attackers to execute administrative commands including factory reset and device reboot without credentials. Attackers on the adjacent network can remotely trigger factory resets and reboots without credentials, causing configuration loss and interruption of device availability. This issue affects Archer C20 v6.0 < V6_251031, Archer C20 v5 <EU_V5_260317 or < US_V5_260419 Archer AX53 v1.0 < V1_251215 TL-WR841N v13 < 0.9.1 Build 20231120 Rel.62366

Thu, 23 Apr 2026 17:30:00 +0000

Type Values Removed Values Added
Description
  Values Removed: Logic vulnerability in TP-Link Archer C20 v6.0 and Archer AX53 v1.0 (TDDP module) allows unauthenticated adjacent attackers to execute administrative commands including factory reset and device reboot without credentials. Attackers on the adjacent network can remotely trigger factory resets and reboots without credentials, causing configuration loss and interruption of device availability.This issue affects Archer C20 v6.0 < V6_251031, Archer C20 v5 <EU_V5_260317 or < US_V5_260419 Archer AX53 v1.0 < V1_251215
  Values Added: Logic vulnerability in TP-Link Archer C20 v5, 6.0, Archer AX53 v1.0 and TL-WR841N v13 (TDDP module) allows unauthenticated adjacent attackers to execute administrative commands including factory reset and device reboot without credentials. Attackers on the adjacent network can remotely trigger factory resets and reboots without credentials, causing configuration loss and interruption of device availability.This issue affects Archer C20 v6.0 < V6_251031, Archer C20 v5 <EU_V5_260317 or < US_V5_260419 Archer AX53 v1.0 < V1_251215 TL-WR841N v13 < 0.9.1 Build 20231120 Rel.62366
Title
  Values Removed: Logic Vulnerability on TP-Link Archer C20 and Archer AX53
  Values Added: Logic Vulnerability on TP-Link Archer C20, Archer AX53 and TL-WR841N v13
References

Wed, 22 Apr 2026 21:45:00 +0000

Type Values Removed Values Added
Description
  Values Removed: Logic vulnerability in TP-Link Archer C20 v6.0 and Archer AX53 v1.0 (TDDP module) allows unauthenticated adjacent attackers to execute administrative commands including factory reset and device reboot without credentials. Attackers on the adjacent network can remotely trigger factory resets and reboots without credentials, causing configuration loss and interruption of device availability.This issue affects Archer C20 v6.0 < V6_251031. Archer AX53 v1.0 < V1_251215
  Values Added: Logic vulnerability in TP-Link Archer C20 v6.0 and Archer AX53 v1.0 (TDDP module) allows unauthenticated adjacent attackers to execute administrative commands including factory reset and device reboot without credentials. Attackers on the adjacent network can remotely trigger factory resets and reboots without credentials, causing configuration loss and interruption of device availability.This issue affects Archer C20 v6.0 < V6_251031, Archer C20 v5 <EU_V5_260317 or < US_V5_260419 Archer AX53 v1.0 < V1_251215
References

Tue, 10 Feb 2026 16:45:00 +0000

Type Values Removed Values Added
First Time appeared Tp-link archer Ax53 Firmware
Tp-link archer C20 Firmware
CPEs cpe:2.3:h:tp-link:archer_ax53:-:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:archer_c20:-:*:*:*:*:*:*:*
cpe:2.3:o:tp-link:archer_ax53_firmware:1.0:*:*:*:*:*:*:*
cpe:2.3:o:tp-link:archer_c20_firmware:6.0:*:*:*:*:*:*:*
Vendors & Products Tp-link archer Ax53 Firmware
Tp-link archer C20 Firmware
Metrics cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}


Fri, 23 Jan 2026 16:45:00 +0000

Type Values Removed Values Added
First Time appeared Tp-link
Tp-link archer Ax53
Tp-link archer C20
Vendors & Products Tp-link
Tp-link archer Ax53
Tp-link archer C20

Wed, 21 Jan 2026 21:15:00 +0000

Type Values Removed Values Added
Metrics
  Values Removed: ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}
  Values Added: ssvc {'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Wed, 21 Jan 2026 20:30:00 +0000

Type Values Removed Values Added
References

Wed, 21 Jan 2026 19:30:00 +0000

Type Values Removed Values Added
References
Metrics
  Values Removed: cvssV4_0 {'score': 5.3, 'vector': 'CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N'}
  Values Added: cvssV4_0 {'score': 7.2, 'vector': 'CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N'}

Wed, 21 Jan 2026 19:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 21 Jan 2026 18:15:00 +0000

Type Values Removed Values Added
References

Wed, 21 Jan 2026 17:30:00 +0000

Type Values Removed Values Added
Description Logic vulnerability in TP-Link Archer C20 v6.0 and Archer AX53 v1.0 (TDDP module) allows unauthenticated adjacent attackers to execute administrative commands including factory reset and device reboot without credentials. Attackers on the adjacent network can remotely trigger factory resets and reboots without credentials, causing configuration loss and interruption of device availability.This issue affects Archer C20 v6.0 < V6_251031. Archer AX53 v1.0 < V1_251215
Title Logic Vulnerability on TP-Link Archer C20 and Archer AX53
Weaknesses CWE-290
References
Metrics cvssV4_0

{'score': 5.3, 'vector': 'CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: TPLink

Published:

Updated: 2026-04-28T17:46:59.608Z

Reserved: 2026-01-09T21:48:53.385Z

Link: CVE-2026-0834

Vulnrichment

Updated: 2026-01-21T18:36:14.293Z

NVD

Status : Modified

Published: 2026-01-21T18:16:24.773

Modified: 2026-04-28T19:36:28.123

Link: CVE-2026-0834

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-29T01:00:11Z

Weaknesses