CVE-2026-8697

HIGH

Improper Authentication Rate Limiting on TP-Link's Archer C64

Title source: cna

Exploitation Summary

EIP tracks 1 public exploit for CVE-2026-8697. PoCs published by itzmetanjim.

AI-analyzed exploit summary: The repository contains a functional Python script that exploits CVE-2026-8697, a logic flaw in TP-Link Archer C64 routers allowing brute-force attacks via an unprotected SSH service. The PoC automates password guessing to bypass the web UI rate limit.

Description

Due to improper enforcement of authentication rate-limiting on a debug SSH service in Archer C64 v1, the SSH service allows unlimited authentication attempts and uses the same credentials as the web interface. This enables an attacker to brute-force valid credentials via SSH. Successful exploitation could allow an attacker with adjacent network access to obtain administrative credentials through unrestricted authentication attempts and subsequently gain full administrative access to the device, impacting system confidentiality, integrity, and availability.

Exploits (1)

github · WORKING POC
by itzmetanjim · python · poc
https://github.com/itzmetanjim/cve-2026-8697

Classification: Working PoC 100%
Attack Type: Auth Bypass
Complexity: Trivial
Reliability: Reliable
Target: TP-Link Archer C64 (firmware < 1.15.0)
No auth needed
Prerequisites: network access to the router · SSH service exposed on port 22
devstral-2 · analyzed May 29, 2026

Scores

CVSS v3: 8.8
EPSS: 0.0004
EPSS Percentile: 11.5%
Attack Vector: ADJACENT_NETWORK
Vector string: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation: none
Automatable: no
Technical Impact: total

Details

CWE: CWE-288, CWE-306
Status: published
Products (2):
tp-link/archer_c64_firmware 1.15.0
TP-Link Systems Inc./Archer C64 v1.0 < 1.15.0 Build 250729 Rel.63489n(4555)
Published: May 28, 2026
Tracked Since: May 28, 2026