RCE in TP-Link Systems Inc. Archer MR402 V1
CVE-2026-11834
A command injection vulnerability has been identified in the DHCP option processing logic in multiple TP-Link router models, due to insufficient validation of externally supplied DHCP option data. An adjacent attacker may exploit this vuln…
Vulnerability class: Command Injection (OS Command Injection)
Affected products
- TP-Link Systems Inc. Archer MR402 V1 — versions 0
- TP-Link Systems Inc. Archer C20 V5 — versions 0
- TP-Link Systems Inc. Archer C20 V6 — versions 0
- TP-Link Systems Inc. Archer MR200 V07 — versions 0
- TP-Link Systems Inc. Archer MR200 V8 — versions 0
- TP-Link Systems Inc. Archer VR2100 V1 — versions 0
- TP-Link Systems Inc. TL-MR6400 V7 — versions 0