Affected Vendors
- Cisco: 5 CVEs (1 High, 4 Medium)
- TP-Link: 1 CVE (High)
- DD-WRT: 1 CVE (Critical)
Critical Vulnerability in DD-WRT Requires Immediate Action
This week's most urgent concern is CVE-2021-47854, a critical buffer overflow vulnerability (CVSS 9.8) in DD-WRT version 45723 affecting the UPnP network discovery service. Remote attackers can exploit this flaw by sending specially crafted packets to execute arbitrary code on affected devices. If you're running DD-WRT in your environment, verify your version immediately and upgrade to the latest patched release. UPnP is enabled by default on many routers, so this vulnerability poses significant risk even without direct internet exposure.
TP-Link Administrative Command Execution Flaw
CVE-2026-0834 (CVSS 8.8) affects multiple TP-Link models including the Archer C20 (v5, v6.0), Archer AX53 (v1.0), and TL-WR841N (v13). A logic vulnerability in the TDDP module allows unauthenticated adjacent network attackers to execute administrative commands, including factory reset operations. This is particularly dangerous in shared network environments (offices, apartments, campus networks) where attackers don't need direct physical access. Check your TP-Link device firmware version and apply patches as soon as they become available.
Cisco Infrastructure Updates
Cisco disclosed 5 vulnerabilities this week across multiple product lines. CVE-2026-20045 (CVSS 8.2) affects Unified Communications Manager and related products, though specifics remain truncated in available data. The remaining four medium-severity issues span authentication services, SSH availability, and web management interfaces. Cisco administrators should prioritize CVE-2026-20045 and check Cisco's security advisories for affected product versions and patch availability.