CVE•Published 2026-05-28•Modified 2026-06-03•1 article on news•5 live references•NVD data

CVE-2026-8697Tp-link · Archer_c64_firmware

Vulnerability data via NVD (ingested)

CVSS v3.1

8.8

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS percentile

—

Weaknesses (CWE)

CWE-288Authentication Bypass Using an Alternate Path or Channel CWE-306Missing Authentication for Critical Function

Description

Due to improper enforcement of authentication rate-limiting on a debug SSH service in Archer C64 v1, the SSH service allows unlimited authentication attempts and uses the same credentials as the web interface. This enables an attacker to brute-force valid credentials via SSH. Successful exploitation could allow an attacker with adjacent network access to obtain administrative credentials through unrestricted authentication attempts and subsequently gain full administrative access to the device, impacting system confidentiality, integrity, and availability.

Timeline

Published 2026-05-28

Modified 2026-06-03

External references

NVD MITRE Exploit-DB Sploitus VulnCheck

Search for exposed instances

Shodan + Censys queries derived from NVD's CPE data. The vuln tag catches assets Shodan has explicitly linked to this CVE; the product / banner fingerprints find exposed instances even when the vuln tag was never applied (which is common).

Shodan · vuln tag0 hosts

vuln:CVE-2026-8697

Hosts Shodan has explicitly fingerprinted as vulnerable.

Shodan · OS

os:"Archer C64 Firmware"

Hosts Shodan identified as running Archer C64 Firmware.

More intel sources (5)

Shodan report

vuln:CVE-2026-8697

Country / ASN / product breakdown for the vuln query.

Censys

vulnerabilities.cve_id: CVE-2026-8697