Authentication Logic Vulnerability on Multiple TP-Link Range Extenders
Summary
| CVE | CVE-2026-3294 |
|---|---|
| State | PUBLISHED |
| Assigner | TPLink |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2026-05-22 21:16:42 UTC |
| Updated | 2026-06-01 18:03:03 UTC |
| Description | An authentication logic vulnerability in multiple TP-Link range extenders allows an unauthenticated attacker on an adjacent network to manipulate a login parameter and reset the administrator password due to insufficient validation. Successful exploitation allows an attacker to obtain full administrative control of the affected device, potentially impacting on confidentiality, integrity, and availability. |
Risk And Classification
Primary CVSS: v4.0 8.7 HIGH from f23511db-6c3e-4e32-a477-6aa17d310630
CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS: 0.000490000 probability, percentile 0.156550000 (date 2026-06-04)
Problem Types: CWE-20 | CWE-862 | CWE-20 CWE-20 Improper Input Validation
| Version | Source | Type | Score | Severity | Vector |
|---|---|---|---|---|---|
| 4.0 | f23511db-6c3e-4e32-a477-6aa17d310630 | Secondary | 8.7 | HIGH | CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/C... |
| 4.0 | CNA | CVSS | 8.7 | HIGH | CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
| 3.1 | [email protected] | Primary | 8.8 | HIGH | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
CVSS v4.0 Breakdown
Attack Vector
AdjacentAttack Complexity
LowAttack Requirements
NonePrivileges Required
NoneUser Interaction
NoneConfidentiality
HighIntegrity
HighAvailability
HighSub Conf.
NoneSub Integrity
NoneSub Availability
NoneCVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
CVSS v3.1 Breakdown
Attack Vector
AdjacentAttack Complexity
LowPrivileges Required
NoneUser Interaction
NoneScope
UnchangedConfidentiality
HighIntegrity
HighAvailability
HighCVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Hardware | Tp-link | Re305 | 1.0 | All | All | All |
| Operating System | Tp-link | Re305 Firmware | All | All | All | All |
| Hardware | Tp-link | Re360 | 1.0 | All | All | All |
| Operating System | Tp-link | Re360 Firmware | All | All | All | All |
| Hardware | Tp-link | Re580d | 1.0 | All | All | All |
| Operating System | Tp-link | Re580d Firmware | All | All | All | All |
| Hardware | Tp-link | Re650 | 1.0 | All | All | All |
| Operating System | Tp-link | Re650 Firmware | All | All | All | All |
| Hardware | Tp-link | Tl-wa860re | 4.0 | All | All | All |
| Operating System | Tp-link | Tl-wa860re Firmware | All | All | All | All |
Vendor Declared Affected Products
| Source | Vendor | Product | Version | Platforms |
|---|---|---|---|---|
| CNA | TP-Link Systems Inc. | Archer RE650 V1 | affected V1_20260429 custom | Not specified |
| CNA | TP-Link Systems Inc. | Archer RE305 V1 | affected V1_20260515 custom | Not specified |
| CNA | TP Link Systems Inc. | Archer RE360 V1 | affected V1_20260515 custom | Not specified |
| CNA | TP-Link Systems Inc. | TL-WA860RE V4 | affected V4_20260515 custom | Not specified |
| CNA | TP-Link Systems Inc. | RE580D V1 | affected V1_20260515 custom | Not specified |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| www.tp-link.com/en/support/download/re360/v1 | f23511db-6c3e-4e32-a477-6aa17d310630 | www.tp-link.com | Product |
| www.tp-link.com/us/support/faq/5101 | f23511db-6c3e-4e32-a477-6aa17d310630 | www.tp-link.com | Vendor Advisory |
| www.tp-link.com/en/support/download/tl-wa860re/v4 | f23511db-6c3e-4e32-a477-6aa17d310630 | www.tp-link.com | Product |
| www.tp-link.com/us/support/download/re360/v1 | f23511db-6c3e-4e32-a477-6aa17d310630 | www.tp-link.com | Product |
| www.tp-link.com/en/support/download/re580d | f23511db-6c3e-4e32-a477-6aa17d310630 | www.tp-link.com | Product |
| www.tp-link.com/us/support/download/re580d | f23511db-6c3e-4e32-a477-6aa17d310630 | www.tp-link.com | Product |
| www.tp-link.com/us/support/download/tl-wa860re/v4 | f23511db-6c3e-4e32-a477-6aa17d310630 | www.tp-link.com | Product |
| www.tp-link.com/en/support/download/re650/v1 | f23511db-6c3e-4e32-a477-6aa17d310630 | www.tp-link.com | Product |
| www.tp-link.com/en/support/download/re305/v1 | f23511db-6c3e-4e32-a477-6aa17d310630 | www.tp-link.com | Product |
| www.tp-link.com/us/support/download/re650/v1 | f23511db-6c3e-4e32-a477-6aa17d310630 | www.tp-link.com | Product |
| www.tp-link.com/us/support/download/re305/v1 | f23511db-6c3e-4e32-a477-6aa17d310630 | www.tp-link.com | Product |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
Vendor Comments And Credit
Discovery Credit
CNA: Job Jobse (en)
There are currently no legacy QID mappings associated with this CVE.