Tp-Link: >> Archer C60 Firmware Security Vulnerabilities
User-controlled input is reflected into the HTML output without proper encoding on TP-Link Archer C60 v3, allowing arbitrary JavaScript execution via a crafted URL. An attacker could run script in the device web UI context, potentially enabling credential theft, session hijacking, or unintended actions if a privileged user is targeted.
CVSS Score
6.1
EPSS Score
0.0
Published
2026-02-11