This page lists publicly disclosed CVE vulnerabilities affecting tp-link archer_c60_firmware (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2026-1571 | User-controlled input is reflected into the HTML output without proper encoding on TP-Link Archer C60 v3, allowing arbitrary JavaScript execution via a crafted URL. An attacker could run script in the device web UI context, potentially enabling credential theft, session hijacking, or unintended actions if a privileged user is targeted. | f23511db-6c3e-4e32-a477-6aa17d310630 | 5.3 | 0.29% | 2026-02-10 | 2026-06-17 |