Security Advisory on Logic Vulnerability on Archer C20, Archer AX53 and TL-WR841N (CVE-2026-0834)
Vulnerability Description:
Logic vulnerability in TP-Link Archer C20 v5, v6.0, Archer AX53 v1.0 and Tl-WR841N v13 (TDDP module) allows unauthenticated adjacent attackers to execute limited administrative commands including factory reset and device reboot without credentials.
Impact:
Attackers on the adjacent network can remotely trigger factory resets and reboots without credentials, causing configuration loss and interruption of device availability.
CVE-2026-0834:
CVSS v4.0 Score: 5.3 / Medium
CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
Affected Products/Versions and Fixes:
|
Affected Product Model |
Affected Version |
|
Archer C20 v5
Archer C20 v6.0 Archer AX53 v1.0 TL-WR841N v13 |
< US_V5_260419 < EU_V5_260317 <V6_251031 <V1_251215 < 0.9.1 Build 20231120 Rel.62366 |
Recommendations:
We strongly recommend that users with affected devices take the following actions:
- Download and update to the latest firmware version to fix the vulnerabilities.
EN:https://www.tp-link.com/en/support/download/archer-c20/v5/#Firmware
https://www.tp-link.com/en/support/download/archer-c20/v6/#Firmware
https://www.tp-link.com/en/support/download/archer-ax53/v1/#Firmware
US: https://www.tp-link.com/us/support/download/archer-c20/v5/#Firmware
https://www.tp-link.com/us/support/download/tl-wr841n/v13/#Firmware
Disclaimer:
If you do not take all recommended actions, this vulnerability will remain. TP-Link cannot bear any responsibility for consequences that could have been avoided by following this advisory.
Looking For More
Is this faq useful?
Your feedback helps improve this site.
TP-Link Community
Still need help? Search for answers, ask questions, and get help from TP-Link experts and other users around the world.