CVE-2026-8697

Published: Mag 28, 2026 Last Modified: Mag 28, 2026

ExploitDB:

Other exploit source:

Google Dorks:

HIGH 8,7

Source: f23511db-6c3e-4e32-a477-6aa17d310630

Attack Vector: adjacent

Attack Complexity: low

Privileges Required: none

User Interaction: none

Confidentiality: N/A

Integrity: N/A

Availability: N/A

Description

AI Translation Available

Due to improper enforcement of authentication rate-limiting on a debug SSH service in Archer C64 v1, the SSH service allows unlimited authentication attempts and uses the same credentials as the web interface. This enables an attacker to brute-force valid credentials via SSH.

Successful exploitation could allow an attacker with adjacent network access to obtain administrative credentials through unrestricted authentication attempts and subsequently gain full administrative access to the device, impacting system confidentiality, integrity, and availability.

288

Authentication Bypass Using an Alternate Path or Channel

Incomplete

Abstraction: Base Structure: Simple

Common Consequences

Security Scopes Affected:

Access Control

Potential Impacts:

Bypass Protection Mechanism

Applicable Platforms

Technologies: Not Technology-Specific, Web Based

View CWE Details

https://www.tp-link.com/en/support/download/archer-c64/v1/#…

https://www.tp-link.com/en/support/download/archer-c64/v1/#Firmware

https://www.tp-link.com/us/support/faq/5105/

CVE-2026-8697

Description

Authentication Bypass Using an Alternate Path or Channel

Common Consequences

Applicable Platforms

Iscriviti alla newsletter