PT-2026-55273 · TP-Link · Archer C5

Published: 2026-07-02 · Updated: 2026-07-02 · CVE-2026-8699

CVSS v4.0: 7.0 High

Vector: AV:A/AC:L/AT:N/PR:H/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Name of the Vulnerable Software and Affected Versions

Archer C5 version 6.8

Description

A stored Cross-Site Scripting (XSS) issue exists in the web-based management interface. The flaw stems from insufficient server-side validation and a lack of proper output encoding of user-controlled input. An attacker with administrative privileges can inject crafted HTML or JavaScript payloads into a specific field. These payloads are stored and executed when an administrator renders the affected page, allowing the execution of arbitrary JavaScript. This can lead to session hijacking, unauthorized access to router configuration, exposure of sensitive data, and modification of device settings. This issue specifically affects ISP-managed firmware variants.

Recommendations

As remediation is coordinated through service providers, contact your Internet Service Provider (ISP) to obtain the necessary firmware update for version 6.8.

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2026-8699

Affected Products

Archer C5