CVE-2026-1571

Name of the Vulnerable Software and Affected Versions TP-Link Archer C60 version 3

Description The device allows execution of arbitrary JavaScript code through a crafted URL due to improper encoding of user-controlled input reflected in the HTML output. An attacker could potentially steal credentials, hijack sessions, or perform unintended actions by targeting privileged users within the device's web user interface context.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.