Tp Link · Archer C60 · CVE-2026-1571
**Name of the Vulnerable Software and Affected Versions**
TP-Link Archer C60 version 3
**Description**
The device allows execution of arbitrary JavaScript code through a crafted URL due to improper encoding of user-controlled input reflected in the HTML output. An attacker could potentially steal credentials, hijack sessions, or perform unintended actions by targeting privileged users within the device's web user interface context.
**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.