Description
An authentication logic vulnerability in multiple TP-Link range extenders allows an unauthenticated attacker on an adjacent network to manipulate a login parameter and reset the administrator password due to insufficient validation.

Successful exploitation allows an attacker to obtain full administrative control of the affected device, potentially impacting on confidentiality, integrity, and availability.
Published: 2026-05-22
Score: 8.7 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

An authentication logic flaw in several TP‑Link wireless range extenders lets an unauthenticated attacker on an adjoining network alter a login parameter and reset the device’s administrator password, thereby obtaining full administrative control. The attacker can then read, modify, or stop any traffic handled by the extender, compromising confidentiality, integrity, and availability.

Affected Systems

The vulnerability affects TP‑Link devices Archer RE360 v1, Archer RE305 v1, Archer RE650 v1, RE580D v1 and TL‑WA860RE v4, all of which run the original firmware releases listed by the vendor.

Risk and Exploitability

The flaw carries a CVSS score of 8.7, indicating high severity, and is not yet listed in the CISA KEV catalog. EPSS data is unavailable, but the attack can be carried out from any adjacent network that can reach the extender’s management interface, requiring no credentials. Once the password is reset, the attacker exploits the full privileged access, making the risk significant for environments where the device is managed remotely or exposed to untrusted networks.

Generated by OpenCVE AI on May 22, 2026 at 22:22 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the firmware to the latest version available from TP‑Link’s support site.
  • Disable remote management and limit administrative access to the local network only.
  • Implement network segmentation or a firewall rule to block management traffic to the extender from untrusted subnets.

Generated by OpenCVE AI on May 22, 2026 at 22:22 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 22 May 2026 21:00:00 +0000

Type Values Removed Values Added
Description An authentication logic vulnerability in multiple TP-Link range extenders allows an unauthenticated attacker on an adjacent network to manipulate a login parameter and reset the administrator password due to insufficient validation. Successful exploitation allows an attacker to obtain full administrative control of the affected device, potentially impacting on confidentiality, integrity, and availability.
Title Authentication Logic Vulnerability on Multiple TP-Link Range Extenders
Weaknesses CWE-20
References
Metrics cvssV4_0

{'score': 8.7, 'vector': 'CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: TPLink

Published:

Updated: 2026-05-22T20:48:36.242Z

Reserved: 2026-02-26T19:00:32.766Z

Link: CVE-2026-3294

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-22T22:30:02Z

Weaknesses