Security Advisory

CVE-2026-1571

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-02-11 00:39:29

Last updated 2026-03-10 16:44:13

Assigner TPLink

State PUBLISHED

Description

User-controlled input is reflected into the HTML output without proper encoding on TP-Link Archer C60 v3, allowing arbitrary JavaScript execution via a crafted URL. An attacker could run script in the device web UI context, potentially enabling credential theft, session hijacking, or unintended actions if a privileged user is targeted.

← Browse all CVEs View on cve.org ↗