Command Injection Vulnerability in Multiple TP-Link Router Models
CVE-2026-11834

8.7HIGH

Key Information:

Vendor

Tp-link Systems Inc.

Status
Archer Mr200 V07
Archer Mr200 V8
Archer Mr402 V1
Archer Vr2100 V1
Vendor
CVE Published:
22 June 2026

What is CVE-2026-11834?

A command injection vulnerability has been discovered in the DHCP option processing of various TP-Link router models, stemming from inadequate validation of DHCP option data supplied externally. An adjacent attacker could exploit this flaw by sending specially crafted DHCP responses, which might lead to unauthorized command execution during the device's initialization or provisioning phase. This exposure primarily affects devices operating in their factory-default or unconfigured states. If successfully exploited, this vulnerability may enable an adjacent, unauthenticated attacker to execute arbitrary commands with elevated privileges, allowing potential full compromise of the affected device and unauthorized administrative access.

Affected Version(s)

Archer C20 v5 0

Archer C20 v5 0

Archer C20 v6 0

References

https://www.tp-link.com/en/support/download/archer-c20/
patch
https://www.tp-link.com/en/support/download/archer-mr402/...
patch
https://www.tp-link.com/en/support/download/archer-mr200/...
patch

CVSS V4

Score:
8.7
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Adjacent Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Matt Graham (mattg.systems)
.