[CIVN-2026-0052] Multiple Vulnerabilities in TP-Link router

Published on: January 30, 2026

Indian – Computer Emergency Response Team (https://www.cert-in.org.in)
Severity Rating: HIGH
Systems Affected
TL-WR841N v14 < 250908
Archer C20 v6.0 < V6_251031
Archer AX53 v1.0 < V1_251215
Archer MR600 v5 < 1.1.0 0.9.1 v0001.0 Build 250930 Rel.63611n
Overview
Multiple vulnerabilities have been reported in TP-Link routers that could allow an attacker to cause a denial of service or inject arbitrary system commands on the targeted device.
Target Audience:
All organizations and individuals using TP-Link Archer routers.
Risk Assessment:
High risk of service interruption and unauthorized access.
Impact Assessment:
Potential impact on confidentiality, integrity and availability of the system.
Description
1. Denial of Service Vulnerability (CVE-2025-9014)
A Null Pointer Dereference vulnerability exists in the Referer header validation logic of the web management portal on the TP-Link TL-WR841N v14 router, caused by improper input validation.
Successful exploitation of this vulnerability could allow an attacker to trigger a Denial of Service (DoS) condition, causing the web management portal service to crash or become unavailable.
2. Authentication Bypass Logic Vulnerability (CVE-2026-0834)
A logic flaw in the TDDP module of TP-Link Archer C20 v6.0 and Archer AX53 v1.0 allows unauthenticated adjacent network attackers to execute privileged administrative commands without valid credentials.
Successful exploitation of this vulnerability could allow attackers to perform actions such as factory reset and device reboot, leading to configuration loss and service disruption.
3. Command Injection Vulnerability (CVE-2025-14756)
A vulnerability exists in the administrative interface of the TP-Link Archer MR600 v5 router firmware due to insufficient input sanitization. An authenticated attacker can submit specially crafted input through the browser developer console.
Successful exploitation could allow an attacker to execute arbitrary system commands with elevated privileges, potentially leading to service disruption, device takeover, or full system compromise.
Solution
Apply appropriate updates as mentioned in:
https://www.tp-link.com/hk/support/faq/4894/
https://www.tp-link.com/hk/support/faq/4905/
https://www.tp-link.com/hk/support/faq/4916/
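To find devices that still run firmware below the fixed builds listed under Systems Affected, an inventory check along the following lines can be used. This is an added example, not part of the CERT-In advisory or any TP-Link tooling; the inventory rows are constructed, and it assumes the six-digit number in each firmware string is a YYMMDD build date and compares on that date only.

```python
import re
from datetime import date

# Fixed builds taken from the "Systems Affected" list of the advisory.
# Keys are (model, hardware version) as the advisory names them.
FIXED_BUILDS = {
    ("TL-WR841N", "v14"): "250908",
    ("Archer C20", "v6.0"): "V6_251031",
    ("Archer AX53", "v1.0"): "V1_251215",
    ("Archer MR600", "v5"): "1.1.0 0.9.1 v0001.0 Build 250930 Rel.63611n",
}

# Assumption: an isolated six-digit run in a firmware string is YYMMDD.
BUILD_RE = re.compile(r"(?<!\d)(\d{2})(\d{2})(\d{2})(?!\d)")


def build_date(firmware):
    """Return the build date in a firmware string, or None if none parses."""
    for yy, mm, dd in BUILD_RE.findall(firmware):
        try:
            return date(2000 + int(yy), int(mm), int(dd))
        except ValueError:
            continue  # six digits that are not a calendar date
    return None


def assess(model, hw_version, firmware):
    """Classify one device: not_listed, unknown, vulnerable or patched."""
    fixed = FIXED_BUILDS.get((model, hw_version))
    if fixed is None:
        return "not_listed"
    running = build_date(firmware)
    if running is None:
        return "unknown"  # never treat an unparsable string as patched
    return "vulnerable" if running < build_date(fixed) else "patched"


# Constructed inventory rows: (model, hardware version, reported firmware).
INVENTORY = [
    ("TL-WR841N", "v14", "0.9.1 4.19 v0001.0 Build 231119 Rel.67074n"),
    ("Archer C20", "v6.0", "V6_251031"),
    ("Archer AX53", "v1.0", "1.3.1 Build 20241120"),
    ("Archer MR600", "v5", "1.1.0 0.9.1 v0001.0 Build 250930 Rel.63611n"),
    ("Archer C7", "v5", "1.2.0 Build 220715"),
]

if __name__ == "__main__":
    for model, hw, fw in INVENTORY:
        print(f"{model} {hw}: {assess(model, hw, fw)}  ({fw})")
```

Devices reported as "unknown" need a manual check against the vendor pages, since their firmware string did not contain a build date in the assumed form.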
Vendor Information
TP-Link
https://www.tp-link.com/hk/support/faq/4894/
https://www.tp-link.com/hk/support/faq/4905/
https://www.tp-link.com/hk/support/faq/4916/
References
TP-Link
https://www.tp-link.com/hk/support/faq/4894/
https://www.tp-link.com/hk/support/faq/4905/
https://www.tp-link.com/hk/support/faq/4916/
CVE Name
CVE-2025-9014
CVE-2026-0834
CVE-2025-14756
--
Thanks and Regards,
CERT-In
Incident Response Help Desk
e-mail: incident@cert-in.org.in
Phone: +91-11-22902657
Toll Free Number: 1800-11-4949
Toll Free Fax: 1800-11-6969
Web: http://www.cert-in.org.in
PGP Fingerprint: A768 083E 4475 5725 B81A A379 2156 C0C0 B620 D0B4
PGP Key information:
https://www.cert-in.org.in/s2cMainServlet?pageid=CONTACTUS
Postal address:
Indian Computer Emergency Response Team (CERT-In)
Ministry of Electronics and Information Technology
Government of India
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003