CVSS 8.7 Unauthenticated RCE Impacts Multiple TP-Link Routers
ID: 43cc294b-e644-5e46-9064-f21da73eba10
STIX ID: report--43cc294b-e644-5e46-9064-f21da73eba10
Feed Name: securityonline.info
## Executive summary TP-Link disclosed CVE-2026-11834, a high-severity (CVSS 8.7) unauthenticated command injection vulnerability in DHCP option handling affecting numerous TP-Link consumer routers (e.g., Archer MR200, MR402, VR2100, C20, TL-MR6400). An adjacent attacker could supply crafted DHCP responses to factory-default or unconfigured devices to achieve remote code execution and full device takeover; vendor patches are available and users are urged to update firmware immediately. No active exploitation or public PoC has been confirmed at the time of this report.
Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.
