Primary

Context

TP-Link Range Extenders Authentication Logic Vulnerability Allowing Unauthorized Password Resets and Admin Access

Vulnerability

Patched

A vulnerability in the authentication logic of several TP-Link range extenders enables an unauthenticated attacker on an adjacent network to manipulate a login parameter and reset the administrator password, exploiting inadequate validation. This exploitation grants full administrative control over the affected device, with potential repercussions for confidentiality, integrity, and availability.

Impact

Exploitation of this vulnerability allows for unauthorized password resets and administrative access on the affected device.

Remediation

Users are advised to update to the latest firmware version available on the TP-Link official website. Specific download links for the updated firmware are provided in the TP-Link security advisory.

Added: May 26, 2026, 2:35 PM

Updated: May 26, 2026, 2:35 PM

Vulnerability Rating

Custom Algorithm

spread

4.5

impact

5.0

exploitability

4.9

remediation

7.7

relevance

9.1

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

4.5

impact

5.0

exploitability

4.9

remediation

7.7

relevance

9.1

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

TP-Link Range Extenders Authentication Logic Vulnerability Allowing Unauthorized Password Resets and Admin Access

Vulnerability

Impact

Remediation

Affected Products

TP-Link RE305

TP-Link RE360

TP-Link RE580D

TP-Link RE650

TP-Link TL-WA860RE

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating