CVE-2026-1571
📋 TL;DR
This is a cross-site scripting (XSS) vulnerability in TP-Link Archer C60 v3 routers where user input is reflected in HTML output without proper encoding. Attackers can craft malicious URLs to execute arbitrary JavaScript in the device's web interface context, potentially compromising router administration sessions. Users of TP-Link Archer C60 v3 routers with vulnerable firmware are affected.
💻 Affected Systems
- TP-Link Archer C60 v3
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
An attacker could steal administrator credentials, hijack active sessions, change router configuration, or redirect users to malicious sites, potentially gaining full control of the router.
Likely Case
Attackers could steal session cookies or credentials when administrators visit crafted URLs, enabling unauthorized access to router settings.
If Mitigated
With proper input validation and output encoding, the vulnerability would be prevented, and impact would be limited to unsuccessful exploitation attempts.
🎯 Exploit Status
Exploitation requires the victim to visit a crafted URL while authenticated to the router's web interface. No authentication is needed to craft the malicious URL.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Check TP-Link support site for latest firmware
Vendor Advisory: https://www.tp-link.com/en/support/download/archer-c60/#Firmware
Restart Required: Yes
Instructions:
1. Visit the TP-Link Archer C60 v3 firmware download page.
2. Download the latest firmware for your hardware version.
3. Log into the router web interface.
4. Navigate to System Tools > Firmware Upgrade.
5. Upload and install the new firmware.
6. Wait for the router to reboot.
🔧 Temporary Workarounds
Disable Remote Management
Prevents external access to the router web interface
Use Browser Security Extensions
Install an XSS-protection browser extension such as NoScript
🧯 If You Can't Patch
- Restrict access to router web interface to trusted networks only
- Implement network segmentation to isolate router management interface
🔍 How to Verify
Check if Vulnerable:
Check current firmware version in router web interface under System Tools > Firmware Upgrade
Check Version:
No CLI command - check via web interface at 192.168.0.1 or 192.168.1.1
Verify Fix Applied:
Verify firmware version matches latest available from TP-Link support site
📡 Detection & Monitoring
Log Indicators:
- Unusual URL parameters in web interface access logs
- Multiple failed login attempts followed by successful login
Network Indicators:
- HTTP requests with suspicious JavaScript in URL parameters to router IP
SIEM Query:
source="router_logs" AND (url="*<script>*" OR url="*javascript:*")
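The SIEM query above matches the raw URL, so a percent-encoded form of the same marker would slip past it. The following added example (not part of the advisory or of any TP-Link tooling) applies the same two markers to constructed Common Log Format lines after percent-decoding each query parameter; the paths, parameter names and addresses are made up for illustration and are not the router's real endpoints.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Markers taken from the advisory's SIEM query, compared after percent-decoding.
XSS_MARKERS = ("<script", "javascript:")

# Common Log Format; the "router_logs" source is assumed to look like this.
LOG_LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<url>\S+) \S+" (?P<status>\d{3})'
)

def decode_fully(value, max_rounds=3):
    """Percent-decode repeatedly (bounded) so double-encoded values are normalised."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def flag_request(url):
    """Return the query parameter names whose decoded value contains an XSS marker."""
    query = urlsplit(url).query
    hits = []
    for name, value in parse_qsl(query, keep_blank_values=True):
        decoded = decode_fully(value).lower()
        if any(marker in decoded for marker in XSS_MARKERS):
            hits.append(name)
    return hits

def scan_log(lines):
    """Return (client_ip, url, [flagged params]) for every suspicious request."""
    alerts = []
    for line in lines:
        match = LOG_LINE_RE.match(line)
        if match:
            hits = flag_request(match.group("url"))
            if hits:
                alerts.append((match.group("ip"), match.group("url"), hits))
    return alerts

# Constructed sample log lines; paths and parameter names are illustrative only.
SAMPLE_LOG = [
    '192.168.0.23 - - [10/Mar/2026:09:15:02 +0000] "GET /index.html HTTP/1.1" 200 512',
    '192.168.0.23 - - [10/Mar/2026:09:15:40 +0000] "GET /cgi-bin/status?host=router1 HTTP/1.1" 200 1024',
    '192.168.0.77 - - [10/Mar/2026:09:16:11 +0000] "GET /cgi-bin/status?host=%3Cscript%3Ex%3C%2Fscript%3E HTTP/1.1" 200 1024',
    '192.168.0.77 - - [10/Mar/2026:09:16:30 +0000] "GET /login?redirect=javascript%3Ax HTTP/1.1" 302 0',
    '192.168.0.77 - - [10/Mar/2026:09:17:05 +0000] "GET /cgi-bin/status?host=%253Cscript%253E HTTP/1.1" 200 1024',
]
```

Running `scan_log(SAMPLE_LOG)` flags the three requests from 192.168.0.77, including the double-encoded one that a raw `*<script>*` wildcard would miss.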