Primary

Context

TP-Link Archer C60 V3 Reflected Cross-Site Scripting Vulnerability Allowing Arbitrary JavaScript Execution

Vulnerability

A reflected cross-site scripting vulnerability has been identified in the TP-Link Archer C60 V3 router. This issue arises because user-controlled input is not properly encoded before being output in the HTML, allowing for the execution of arbitrary JavaScript. An attacker could exploit this by sending a crafted URL that, when clicked, executes the script in the context of the device's web user interface. This could lead to credential theft, session hijacking, or unauthorized actions, particularly if a privileged user is targeted.

Impact

Exploitation of this vulnerability allows for reflected cross-site scripting, where an attacker can execute JavaScript in the context of the user's session on the device's web interface.

Remediation

Users are advised to update to the latest firmware version. The latest firmware can be downloaded from the TP-Link official website.

Added: Feb 11, 2026, 2:39 AM

Updated: Feb 11, 2026, 2:39 AM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

1.7

exploitability

6.2

remediation

0.0

relevance

2.7

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

1.7

exploitability

6.2

remediation

0.0

relevance

2.7

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

TP-Link Archer C60 V3 Reflected Cross-Site Scripting Vulnerability Allowing Arbitrary JavaScript Execution

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating