EIP-2026-102055

PRE-CVE

TP-Link Archer CR-700 - Cross-Site Scripting

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-102055. PoCs published by Ayushman Dutta.

AI-analyzed exploit summary This exploit demonstrates a stored XSS vulnerability in TP-Link Archer CR-700 routers by manipulating the DHCP host-name field to inject a malicious script. The script executes when an administrator logs into the router's console.

Description

TP-Link Archer CR-700 - Cross-Site Scripting

Exploits (1)

exploitdb WORKING POC

by Ayushman Dutta · textwebappshardware

https://www.exploit-db.com/exploits/40432

View Code ZIP pw:eip

This exploit demonstrates a stored XSS vulnerability in TP-Link Archer CR-700 routers by manipulating the DHCP host-name field to inject a malicious script. The script executes when an administrator logs into the router's console.

Classification

Working Poc 90%

Attack Type

Xss

Complexity

Moderate

Reliability

Reliable

Target: TP-Link Archer CR-700 (version 1.0.6)

No auth needed

Prerequisites: Access to a Linux system with DHCP client configuration privileges · Network access to a TP-Link Archer CR-700 router

MITRE ATT&CK

T1189 - Drive-by Compromise T1059.007 - JavaScript

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026