logo

CVSS 8.7 Unauthenticated RCE Impacts Multiple TP-Link Routers

ID: 43cc294b-e644-5e46-9064-f21da73eba10

STIX ID: report--43cc294b-e644-5e46-9064-f21da73eba10

Feed Name: securityonline.info

Threat Score
72/100

Date Published: 2026-06-25

Date Updated: 2026-06-25

Author: Do Son

...
...

## Executive summary TP-Link disclosed CVE-2026-11834, a high-severity (CVSS 8.7) unauthenticated command injection vulnerability in DHCP option handling affecting numerous TP-Link consumer routers (e.g., Archer MR200, MR402, VR2100, C20, TL-MR6400). An adjacent attacker could supply crafted DHCP responses to factory-default or unconfigured devices to achieve remote code execution and full device takeover; vendor patches are available and users are urged to update firmware immediately. No active exploitation or public PoC has been confirmed at the time of this report.

Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.