CVE-2017-11519

CRITICAL

TP-Link Archer C9(UN) - Privilege Escalation

Description

passwd_recovery.lua on the TP-Link Archer C9(UN)_V2_160517 allows an attacker to reset the admin password by leveraging a predictable random number generator seed. This is fixed in C9(UN)_V2_170511.

Exploits (1)

nomisec WORKING POC 3 stars
by vakzz · poc
https://github.com/vakzz/tplink-CVE-2017-11519

Scores

CVSS v3 9.8
EPSS 0.1324
EPSS Percentile 94.2%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE CWE-335
Status published
Products (1)
tp-link/archer_c9_\(2.0\)_firmware 160517
Published Jul 21, 2017
Tracked Since Feb 18, 2026