8.8

CVE-2026-3294

Authentication Logic Vulnerability on Multiple TP-Link Range Extenders

An authentication logic vulnerability in multiple TP-Link range extenders allows an unauthenticated attacker on an adjacent network to manipulate a login parameter and reset the administrator password due to insufficient validation.

Successful exploitation allows an attacker to obtain full administrative control of the affected device, potentially impacting on confidentiality, integrity, and availability.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Tp-linkRe305 Firmware Version < 20260515
   Tp-linkRe305 Version1.0
Tp-linkRe360 Firmware Version < 20260515
   Tp-linkRe360 Version1.0
Tp-linkRe580d Firmware Version < 20260515
   Tp-linkRe580d Version1.0
Tp-linkRe650 Firmware Version < 20260429
   Tp-linkRe650 Version1.0
Tp-linkTl-wa860re Firmware Version < 20260515
   Tp-linkTl-wa860re Version4.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.4% 0.314
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 8.8 2.8 5.9
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
f23511db-6c3e-4e32-a477-6aa17d310630 8.7 0 0
CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

CWE-862 Missing Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

https://www.tp-link.com/en/support/download/re650/v1/#Firmware
Product
https://www.tp-link.com/us/support/download/re650/v1/#Firmware
Product
https://www.tp-link.com/us/support/download/re305/v1/#Firmware
Product
https://www.tp-link.com/en/support/download/re305/v1/#Firmware
Product
https://www.tp-link.com/us/support/download/re360/v1/#Firmware
Product
https://www.tp-link.com/en/support/download/re360/v1/#Firmware
Product
https://www.tp-link.com/us/support/download/tl-wa860re/v4/#Firmware
Product
https://www.tp-link.com/en/support/download/tl-wa860re/v4/#Firmware
Product
https://www.tp-link.com/en/support/download/re580d/#Firmware
Product
https://www.tp-link.com/us/support/download/re580d/#Firmware
Product
https://www.tp-link.com/us/support/faq/5101/
Vendor Advisory