Threat Advisory

TP-Link Router Vulnerability Enables Remote Code Execution

Threat: Vulnerability
Targeted Region: Global
Targeted Sector: Technology & IT
Criticality: High
[subscribe_to_unlock_form]

EXECUTIVE SUMMARY:

CVE-2026-11834 with a CVSS score of 8.7 is a high-severity vulnerability in TP-Link routers, specifically affecting Archer MR200 versions less than 1.3.0 Build 250605, less than 1.5.0 Build 260605, and other versions, allowing unauthenticated remote code execution on the local network due to improper validation during DHCP option processing, which can be exploited by an adjacent attacker supplying crafted DHCP responses to the unconfigured target device, resulting in unauthorized command execution with elevated privileges, enabling the attacker to gain total system takeover without requiring any user interaction, and potentially leading to significant business impact, including compromised network infrastructure and data breaches, if the attacker has access to the local network and the device is in a factory-default state, with no confirmed exploitation or public proof-of-concept existing yet, but posing a significant risk to residential and business networks.[/subscribe_to_unlock_form]

EXECUTIVE SUMMARY:

CVE-2026-11834 with a CVSS score of 8.7 is a high-severity vulnerability in TP-Link routers, specifically affecting Archer MR200 versions less than 1.3.0 Build 250605, less than 1.5.0 Build 260605, and other versions, allowing unauthenticated remote code execution on the local network due to improper validation during DHCP option processing, which can be exploited by an adjacent attacker supplying crafted DHCP responses to the unconfigured target device, resulting in unauthorized command execution with elevated privileges, enabling the attacker to gain total system takeover without requiring any user interaction, and potentially leading to significant business impact, including compromised network infrastructure and data breaches, if the attacker has access to the local network and the device is in a factory-default state, with no confirmed exploitation or public proof-of-concept existing yet, but posing a significant risk to residential and business networks.[emaillocker id="1283"]

RECOMMENDATION:

  • We recommend you to update TP-Link Archer MR200 to version 1.5.0 Build 260605.
  • We recommend you to update TP-Link Archer MR200 to version EU_V1_260330.

REFERENCES:

The following reports contain further technical details:
https://securityonline.info/tp-link-router-command-injection/

[/emaillocker]
crossmenu