EIP-2026-102056
PRE-CVETP-Link C50 Wireless Router 3 - Cross-Site Request Forgery (Information Disclosure)
Title source: legacyExploitation Summary
EIP tracks 1 public exploit for EIP-2026-102056. PoCs published by Wadeek.
AI-analyzed exploit summary This Ruby script exploits a CSRF vulnerability in TP-Link Archer C50 v3 routers to disclose sensitive information such as wireless settings and DDNS configurations. It sends crafted POST requests to the router's CGI endpoints without requiring authentication.
Description
TP-Link C50 Wireless Router 3 - Cross-Site Request Forgery (Information Disclosure)
Exploits (1)
exploitdb
WORKING POC
by Wadeek · rubywebappshardware
https://www.exploit-db.com/exploits/45173
This Ruby script exploits a CSRF vulnerability in TP-Link Archer C50 v3 routers to disclose sensitive information such as wireless settings and DDNS configurations. It sends crafted POST requests to the router's CGI endpoints without requiring authentication.
Classification
Working Poc 95%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target:
TP-Link Archer C50 v3 (Firmware <= Build 171227)
No auth needed
Prerequisites:
Network access to the router's web interface (typically 192.168.0.1)
devstral-2 · analyzed Feb 18, 2026
Full analysis →
Details
Status
pre_cve
Tracked Since
Feb 18, 2026