India’s Computer Emergency Response Team (CERT-In) has issued a high-severity vulnerability note warning users of multiple security flaws affecting TP-Link Archer series routers. The advisory, identified as CIVN-2026-0034, highlights risks that could allow attackers to delete files or trigger denial-of-service (DoS) conditions on impacted devices.
Systems affected
According to CERT-In, the vulnerabilities impact specific versions of TP-Link Archer routers. These include the TP-Link Archer BE400 V1 running firmware version 1.1.0 build 20250710 rel.14914 and earlier, and the TP-Link Archer AXE75 v1.6 running firmware versions prior to build 20250107. Users operating these versions are advised to take corrective action without delay.
Nature of the vulnerability
The advisory states that the issues stem from improper input validation and incorrect handling of pointer references within the 802.11 wireless module processing code. If successfully exploited, these flaws could allow a remote attacker to perform arbitrary file deletion on the router. In addition, the attacker could cause a denial-of-service condition, potentially disrupting internet connectivity for users relying on the affected devices.
CERT-In noted that TP-Link Archer routers are commonly used in homes and organisations for wireless internet access across 2.4GHz, 5GHz, and 6GHz bands. As a result, exploitation could impact both individual users and enterprise environments.
Risk and impact assessment
CERT-In has classified the vulnerability as high severity. The risk assessment points to a high likelihood of service interruption and unauthorised access. From an impact perspective, the flaws could affect the confidentiality, integrity, and availability of the system, depending on how the vulnerability is exploited.
Recommended action
CERT-In has advised users and organisations to apply appropriate firmware updates provided by the vendor. TP-Link has released updates and guidance through its official support channels to address the reported issues. Users are also encouraged to regularly check for firmware updates, restrict remote management access where not required, and follow general network security best practices.
The advisory applies to all individuals and organisations using the affected TP-Link Archer router models.
Discover the latest Business News, Sensex, and Nifty updates. Obtain Personal Finance insights, tax queries, and expert opinions on Moneycontrol or download the Moneycontrol App to stay updated!
