CVE-2026-3294

Received Received - Intake

BaseFortify

Publication date: 2026-05-22

Last updated on: 2026-05-22

Assigner: TPLink

Description

An authentication logic vulnerability in multiple TP-Link range extenders allows an unauthenticated attacker on an adjacent network to manipulate a login parameter and reset the administrator password due to insufficient validation. Successful exploitation allows an attacker to obtain full administrative control of the affected device, potentially impacting on confidentiality, integrity, and availability.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published

2026-05-22

Last Modified

2026-05-22

Generated

2026-05-26

EPSS Evaluated

N/A

NVD

CVE-2026-3294

EUVD

EUVD-2026-31502

Affected Vendors & Products

Currently, no data is known.

Helpful Resources

Exploitability

CWE

KEV

CWE ID	Description
CWE-20	The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Attack-Flow Graph

Ask Our AI Assistant

Need more information? Ask your question to get an AI reply (Powered by our expertise)

0/70

CVE-2026-3294

BaseFortify

Description

CVSS Scores

EPSS Scores

Meta Information

Affected Vendors & Products

Helpful Resources

Exploitability

Attack-Flow Graph

Ask Our AI Assistant

EPSS Chart