TP-Link Archer C20 Firmware vulnerabilities
5 known vulnerabilities affecting tp-link/archer_c20_firmware.
Total CVEs: 5
CISA KEV: 0
Public exploits: 1
Exploited in wild: 1
Severity breakdown: CRITICAL 1, HIGH 3, MEDIUM 1
Vulnerabilities
CVE-2024-57049 | P1 | CRITICAL | CVSS 9.8 | CWE-287 | Exploited | PoC | v6.6_230412 | 2025-02-18
A vulnerability in the TP-Link Archer C20 router with firmware version V6.6_230412 and earlier permits unauthorized individuals to bypass the authentication of some interfaces under the /cgi directory. When adding Referer: http://tplinkwifi.net to the request, it will be recognized as passing the authentication. NOTE: this is disputed by the S
nvd
CVE-2023-37284 | P3 | HIGH | CVSS 8.8 | CWE-287 | fixed in 230616 | 2023-09-06
Improper authentication vulnerability in Archer C20 firmware versions prior to 'Archer C20(JP)_V1_230616' allows a network-adjacent unauthenticated attacker to execute an arbitrary OS command via a crafted request to bypass authentication.
nvd
CVE-2026-0834 | P3 | HIGH | CVSS 8.8 | CWE-290 | v6.0 | 2026-01-21
Logic vulnerability in TP-Link Archer C20 v5, 6.0, Archer AX53 v1.0 and TL-WR841N v13 (TDDP module) allows unauthenticated adjacent attackers to execute administrative commands including factory reset and device reboot without credentials. Attackers on the adjacent network can remotely trigger factory resets and reboots without credentials, causing confi
nvd
CVE-2023-30383 | P3 | HIGH | CVSS 7.5 | CWE-120 | v150707 | 2023-07-18
TP-LINK Archer C50v2 Archer C50(US)_V2_160801, TP-LINK Archer C20v1 Archer_C20_V1_150707, and TP-LINK Archer C2v1 Archer_C2_US__V1_170228 were discovered to contain a buffer overflow which may lead to a Denial of Service (DoS) when parsing crafted data.
nvd
CVE-2025-15551 | P4 | MEDIUM | CVSS 5.6 | CWE-95 | fixed in 250630 | 2026-02-05
The response coming from TP-Link Archer MR200 v5.2, C20 v5 and v6, TL-WR850N v3, and TL-WR845N v4 for any request is getting executed by the JavaScript function like eval directly without any check. Attackers can exploit this vulnerability via a Man-in-the-Middle (MitM) attack to execute JavaScript code on the router's admin web portal without the us
nvd