CVE-2017-11519

CRITICAL

TP-Link Archer C9(UN) - Privilege Escalation

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2017-11519. PoCs published by vakzz.

AI-analyzed exploit summary This PoC exploits CVE-2017-11519 in TP-Link Archer C9 routers by resetting the admin password and achieving RCE via command injection in the USB sharing account creation process. It leverages weak PRNG predictability and command injection in the 'usbuser' binary.

Description

passwd_recovery.lua on the TP-Link Archer C9(UN)_V2_160517 allows an attacker to reset the admin password by leveraging a predictable random number generator seed. This is fixed in C9(UN)_V2_170511.

Exploits (1)

nomisec WORKING POC 3 stars

by vakzz · poc

https://github.com/vakzz/tplink-CVE-2017-11519

View Code ZIP pw:eip

This PoC exploits CVE-2017-11519 in TP-Link Archer C9 routers by resetting the admin password and achieving RCE via command injection in the USB sharing account creation process. It leverages weak PRNG predictability and command injection in the 'usbuser' binary.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: TP-Link Archer C9

No auth needed

Prerequisites: Network access to the router's web interface · Router must be vulnerable (unpatched)

MITRE ATT&CK

T1110 - Brute Force T1059 - Command and Scripting Interpreter T1068 - Exploitation for Privilege Escalation

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Core References

Third Party Advisory x_refsource_misc

http://www.tp-link.com/en/download/Archer-C9_V2.html#Firmware

Exploit, Third Party Advisory x_refsource_misc

https://devcraft.io/posts/2017/07/21/tp-link-archer-c9-admin-password-reset.html

Scores

CVSS v3 9.8

EPSS 0.0305

EPSS Percentile 85.8%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-335

Status published

Products (1)

tp-link/archer_c9_\(2.0\)_firmware 160517

Published Jul 21, 2017

Tracked Since Feb 18, 2026