Description
Due to improper enforcement of authentication rate-limiting on a debug SSH service in Archer C64 v1, the SSH service allows unlimited authentication attempts and uses the same credentials as the web interface. This enables an attacker to brute-force valid credentials via SSH.

Successful exploitation could allow an attacker with adjacent network access to obtain administrative credentials through unrestricted authentication attempts and subsequently gain full administrative access to the device, impacting system confidentiality, integrity, and availability.
Published: 2026-05-28
Score: 8.7 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The Archer C64 firmware v1.0 exposes a debug SSH service that does not enforce authentication rate limiting, a flaw described by CWE‑288 and CWE‑306. Because the SSH server accepts unlimited login attempts and uses the same account credentials as the web interface, an attacker can brute‑force valid administrator credentials. Once authenticated, the attacker gains full control over the router, compromising confidentiality, integrity, and availability of the network managed by the device.

Affected Systems

TP‑Link Archer C64 routers running firmware version 1.0 are affected. The flaw is located in the debug SSH sub‑service bundled with this firmware and allows unauthorized credential discovery on devices that have not applied the fix.

Risk and Exploitability

The CVSS v4.0 score of 8.7 signals a high-severity risk. The EPSS score is below 1%, indicating a very low but nonzero probability of exploitation. The vulnerability is not listed in CISA's KEV catalog. An attacker must reach the router's local or adjacent network to connect to its SSH port and conduct brute-force attempts against the credentials shared with the web interface. Because the number of authentication attempts is unlimited, exploitation is technically straightforward wherever the router is reachable from untrusted or nearby devices, so the risk of compromise is significant until remediation is applied.

Generated by OpenCVE AI on June 3, 2026 at 19:27 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest firmware update that enforces authentication rate limiting on the SSH service, addressing the authentication weaknesses (CWE‑288, CWE‑306).
  • If a firmware update is not yet available, block or disable the debug SSH port using the router’s firewall or ACL to eliminate the brute‑force vector.
  • Restrict local network access to the router by segmenting the network or configuring the router to allow SSH only from trusted IP addresses.
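The control this advisory says is missing, a cap on failed logins per source within a time window, is also what a defender can watch for in logs. As an added example that is not OpenCVE's or TP-Link's code, the Python below runs a sliding-window check over constructed syslog-style lines and flags sources that exceed the cap. The OpenSSH-style log format, the 5-failures-in-60-seconds threshold and the sample addresses are assumptions; the Archer C64's own log format is not on this page.

```python
"""Sliding-window detector for SSH password brute-forcing (constructed example).
Assumes OpenSSH-style syslog lines; the router's real log format is unknown here."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed format: "<ISO timestamp> sshd: Failed password for [invalid user] <user> from <ip> ..."
FAILED_RE = re.compile(
    r"^(?P<ts>\S+) sshd: Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+)"
)


def detect_bruteforce(lines, threshold=5, window=timedelta(seconds=60)):
    """Return {source_ip: time_of_first_alert} for every source that produced
    at least `threshold` failed logins inside any `window`-long sliding window.
    `threshold`/`window` model the rate limit the debug SSH service should enforce."""
    recent = defaultdict(deque)  # ip -> timestamps of failures still inside the window
    alerts = {}
    for line in lines:
        m = FAILED_RE.match(line)
        if not m:
            continue  # successful logins and unrelated lines are ignored
        ts = datetime.fromisoformat(m["ts"])
        q = recent[m["ip"]]
        q.append(ts)
        while q and ts - q[0] > window:
            q.popleft()  # drop failures that have aged out of the window
        if len(q) >= threshold and m["ip"] not in alerts:
            alerts[m["ip"]] = ts
    return alerts


# Constructed sample: one source hammering "admin", one legitimate admin who mistyped once.
SAMPLE_LOG = """\
2026-06-01T10:00:00 sshd: Failed password for admin from 192.0.2.10 port 50001 ssh2
2026-06-01T10:00:02 sshd: Failed password for admin from 192.0.2.10 port 50002 ssh2
2026-06-01T10:00:03 sshd: Failed password for admin from 192.0.2.99 port 42000 ssh2
2026-06-01T10:00:04 sshd: Failed password for admin from 192.0.2.10 port 50003 ssh2
2026-06-01T10:00:05 sshd: Accepted password for admin from 192.0.2.99 port 42001 ssh2
2026-06-01T10:00:06 sshd: Failed password for admin from 192.0.2.10 port 50004 ssh2
2026-06-01T10:00:07 sshd: Failed password for admin from 192.0.2.10 port 50005 ssh2
2026-06-01T10:00:08 sshd: Failed password for admin from 192.0.2.10 port 50006 ssh2
""".splitlines()

if __name__ == "__main__":
    for ip, when in detect_bruteforce(SAMPLE_LOG).items():
        print(f"ALERT: {ip} exceeded the failed-login threshold at {when.isoformat()}")
```

Feed it the router's forwarded syslog (after adjusting `FAILED_RE` to the real format) and alert on any entry it returns; the single failure from the legitimate admin is not flagged.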

Advisories

No advisories yet.

History

Wed, 03 Jun 2026 18:15:00 +0000 (values added; none removed)
  • First Time appeared: Tp-link archer C64 Firmware
  • Weaknesses: CWE-306
  • CPEs: cpe:2.3:h:tp-link:archer_c64:1.0:*:*:*:*:*:*:*
          cpe:2.3:o:tp-link:archer_c64_firmware:1.15.0:*:*:*:*:*:*:*
  • Vendors & Products: Tp-link archer C64 Firmware
  • Metrics: cvssV3_1 {'score': 8.8, 'vector': 'CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

Fri, 29 May 2026 16:00:00 +0000 (values added; none removed)
  • First Time appeared: Tp-link; Tp-link archer C64
  • Vendors & Products: Tp-link; Tp-link archer C64

Thu, 28 May 2026 20:30:00 +0000 (values added; none removed)
  • Metrics: ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Thu, 28 May 2026 17:00:00 +0000 (values added; none removed)
  • Description: Due to improper enforcement of authentication rate-limiting on a debug SSH service in Archer C64 v1, the SSH service allows unlimited authentication attempts and uses the same credentials as the web interface. This enables an attacker to brute-force valid credentials via SSH. Successful exploitation could allow an attacker with adjacent network access to obtain administrative credentials through unrestricted authentication attempts and subsequently gain full administrative access to the device, impacting system confidentiality, integrity, and availability.
  • Title: Improper Authentication Rate Limiting on TP-Link's Archer C64
  • Weaknesses: CWE-288
  • References:
  • Metrics: cvssV4_0 {'score': 8.7, 'vector': 'CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}

MITRE

Status: PUBLISHED

Assigner: TPLink

Published:

Updated: 2026-05-29T03:55:51.604Z

Reserved: 2026-05-15T16:35:09.352Z

Link: CVE-2026-8697

Vulnrichment

Updated: 2026-05-28T19:26:02.748Z

NVD

Status: Analyzed

Published: 2026-05-28T17:16:33.657

Modified: 2026-06-03T18:14:26.590

Link: CVE-2026-8697

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-03T19:30:36Z

Weaknesses
  • CWE-288: Authentication Bypass Using an Alternate Path or Channel
  • CWE-306: Missing Authentication for Critical Function