CVE-2026-3294— Authentication Logic Vulnerability on Multiple TP-Link Range Extenders

AI Predicted 8.1 Difficulty: Easy EPSS 0.40% · P31 Updated May 27, 2026

Possible ATT&CK Techniques 3AI

T1546.001 · Change Default File Association T1078 · Valid Accounts T1190 · Exploit Public-Facing Application

Affected Version Matrix 5

Vendor	Product	Version Range	Status
TP Link Systems Inc.	Archer RE360 v1	`< V1_20260515`	affected
TP-Link Systems Inc.	Archer RE305 v1	`< V1_20260515`	affected
TP-Link Systems Inc.	Archer RE650 v1	`< V1_20260429`	affected
TP-Link Systems Inc.	RE580D v1	`< V1_20260515`	affected
TP-Link Systems Inc.	TL-WA860RE v4	`< V4_20260515`	affected

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2026-3294

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

Authentication Logic Vulnerability on Multiple TP-Link Range Extenders

Source: NVD (National Vulnerability Database)

Vulnerability Description

An authentication logic vulnerability in multiple TP-Link range extenders allows an unauthenticated attacker on an adjacent network to manipulate a login parameter and reset the administrator password due to insufficient validation. Successful exploitation allows an attacker to obtain full administrative control of the affected device, potentially impacting on confidentiality, integrity, and availability.

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

输入验证不恰当

Source: NVD (National Vulnerability Database)

Vulnerability Title

TP-Link多款产品安全漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

TP-Link Archer RE650等都是中国普联（TP-Link）公司的产品。TP-Link Archer RE650是一款双频千兆无线信号扩展器。TP-Link Archer RE305是一款双频千兆无线信号扩展器。TP-Link Archer RE360是一款支持双频Wi-Fi扩展的无线中继器。 TP-Link多款产品存在安全漏洞，该漏洞源于认证逻辑问题，可能导致相邻网络上的未认证攻击者操作登录参数并重置管理员密码，从而获得设备的完全管理控制权，影响机密性、完整性和可用性。以下产品受到影响：Ar

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE
TP-Link Systems Inc.	Archer RE650 v1	0 ~ V1_20260429	-
TP-Link Systems Inc.	Archer RE305 v1	0 ~ V1_20260515	-
TP Link Systems Inc.	Archer RE360 v1	0 ~ V1_20260515	-
TP-Link Systems Inc.	TL-WA860RE v4	0 ~ V4_20260515	-
TP-Link Systems Inc.	RE580D v1	0 ~ V1_20260515	-

II. Public POCs for CVE-2026-3294

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2026-3294

请登录查看更多情报信息。

Vendor Advisories for CVE-2026-3294 (1)

🔗 Security Advisory on Authentication Logic Vulnerability on Multiple TP-Link Range Extenders (CVE-2026-3294) Read full article vendor-advisory

Vendor Pages for CVE-2026-3294 (10)

https://nvd.nist.gov/vuln/detail/CVE-2026-3294

IV. Related Vulnerabilities

Same vendor: TP-Link Systems Inc.

Same weakness: CWE-20

V. Comments for CVE-2026-3294

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2026-3294— Authentication Logic Vulnerability on Multiple TP-Link Range Extenders

Possible ATT&CK Techniques 3AI

Affected Version Matrix 5

I. Basic Information for CVE-2026-3294

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2026-3294

III. Intelligence Information for CVE-2026-3294

Vendor Advisories for CVE-2026-3294 (1)

Vendor Pages for CVE-2026-3294 (10)

IV. Related Vulnerabilities

V. Comments for CVE-2026-3294

Leave a comment