Description
An authentication logic vulnerability in multiple TP-Link range extenders allows an unauthenticated attacker on an adjacent network to manipulate a login parameter and reset the administrator password due to insufficient validation.

Successful exploitation allows an attacker to obtain full administrative control of the affected device, potentially impacting on confidentiality, integrity, and availability.
Published: 2026-05-22
Score: 8.7 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

An authentication logic flaw in several TP‑Link wireless range extenders lets an unauthenticated attacker on an adjacent network alter a login parameter and reset the device’s administrator password, thereby obtaining full administrative control. The attacker can then read, modify, or stop any traffic handled by the extender, compromising confidentiality, integrity, and availability.

Affected Systems

The vulnerability affects TP‑Link devices Archer RE360 v1, Archer RE305 v1, Archer RE650 v1, RE580D v1 and TL‑WA860RE v4, all of which run the original firmware releases listed by the vendor.

Risk and Exploitability

The flaw carries a CVSS v4.0 score of 8.7 (the record also lists a CVSS v3.1 score of 8.8), indicating high severity, and is not yet listed in the CISA KEV catalog. The EPSS score is less than 1%, suggesting a low yet non‑zero probability of exploitation. The attack requires no credentials and can be carried out from any adjacent network that can reach the extender’s management interface. Once the password is reset, the attacker gains full privileged access, making the risk significant for environments where the device is managed remotely or exposed to untrusted networks.

Generated by OpenCVE AI on June 1, 2026 at 19:51 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the firmware to the latest version available from TP‑Link’s support site.
  • Disable remote management and limit administrative access to the local network only.
  • Implement network segmentation or a firewall rule to block management traffic to the extender from untrusted subnets.



Advisories

No advisories yet.

History

Mon, 01 Jun 2026 18:15:00 +0000

Type Values Removed Values Added
  • First Time appeared: Tp-link re305, Tp-link re305 Firmware, Tp-link re360, Tp-link re360 Firmware, Tp-link re580d, Tp-link re580d Firmware, Tp-link re650, Tp-link re650 Firmware, Tp-link tl-wa860re, Tp-link tl-wa860re Firmware
  • Weaknesses: CWE-862
  • CPEs:
    cpe:2.3:h:tp-link:re305:1.0:*:*:*:*:*:*:*
    cpe:2.3:h:tp-link:re360:1.0:*:*:*:*:*:*:*
    cpe:2.3:h:tp-link:re580d:1.0:*:*:*:*:*:*:*
    cpe:2.3:h:tp-link:re650:1.0:*:*:*:*:*:*:*
    cpe:2.3:h:tp-link:tl-wa860re:4.0:*:*:*:*:*:*:*
    cpe:2.3:o:tp-link:re305_firmware:*:*:*:*:*:*:*:*
    cpe:2.3:o:tp-link:re360_firmware:*:*:*:*:*:*:*:*
    cpe:2.3:o:tp-link:re580d_firmware:*:*:*:*:*:*:*:*
    cpe:2.3:o:tp-link:re650_firmware:*:*:*:*:*:*:*:*
    cpe:2.3:o:tp-link:tl-wa860re_firmware:*:*:*:*:*:*:*:*
  • Vendors & Products: Tp-link re305, Tp-link re305 Firmware, Tp-link re360, Tp-link re360 Firmware, Tp-link re580d, Tp-link re580d Firmware, Tp-link re650, Tp-link re650 Firmware, Tp-link tl-wa860re, Tp-link tl-wa860re Firmware
  • Metrics: cvssV3_1 {'score': 8.8, 'vector': 'CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}


Tue, 26 May 2026 16:30:00 +0000

Type Values Removed Values Added
  • Metrics: ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Mon, 25 May 2026 12:15:00 +0000

Type Values Removed Values Added
  • First Time appeared: Tp-link, Tp-link archer Re305 V1, Tp-link archer Re360 V1, Tp-link archer Re650 V1, Tp-link re580d V1, Tp-link tl-wa860re V4
  • Vendors & Products: Tp-link, Tp-link archer Re305 V1, Tp-link archer Re360 V1, Tp-link archer Re650 V1, Tp-link re580d V1, Tp-link tl-wa860re V4

Fri, 22 May 2026 21:00:00 +0000

Type Values Removed Values Added
  • Description: An authentication logic vulnerability in multiple TP-Link range extenders allows an unauthenticated attacker on an adjacent network to manipulate a login parameter and reset the administrator password due to insufficient validation. Successful exploitation allows an attacker to obtain full administrative control of the affected device, potentially impacting on confidentiality, integrity, and availability.
  • Title: Authentication Logic Vulnerability on Multiple TP-Link Range Extenders
  • Weaknesses: CWE-20
  • References
  • Metrics: cvssV4_0 {'score': 8.7, 'vector': 'CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: TPLink

Published:

Updated: 2026-05-27T03:55:44.061Z

Reserved: 2026-02-26T19:00:32.766Z

Link: CVE-2026-3294

Vulnrichment

Updated: 2026-05-26T14:44:43.043Z

NVD

Status: Analyzed

Published: 2026-05-22T21:16:42.960

Modified: 2026-06-01T18:03:03.877

Link: CVE-2026-3294

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-01T20:00:13Z

Weaknesses