CVE-2026-8697

216.73.217.22

· Published 28/05/2026 17:16 · Modified 28/05/2026 18:38

Labels: CVE-2026-8697 2026-05-28 CVE-2026-8697 CWE-288 f23511db-6c3e-4e32-a477-6aa17d310630

Essential information

Published: 28/05/2026 17:16
Modified: 28/05/2026 18:38
Author: —
Creator: —
CVSS: 8.7 HIGH (v3) 8.7 HIGH (v4.0)
CISA KEV: No
CWE: —
CVSS vector: —

CVSS metrics

Description

Due to improper enforcement of authentication rate-limiting on a debug SSH service in Archer C64 v1, the SSH service allows unlimited authentication attempts and uses the same credentials as the web interface. This enables an attacker to brute-force valid credentials via SSH. Successful exploitation could allow an attacker with adjacent network access to obtain administrative credentials through unrestricted authentication attempts and subsequently gain full administrative access to the device, impacting system confidentiality, integrity, and availability.

NVD status

Status: Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source: f23511db-6c3e-4e32-a477-6aa17d310630
NVD: View on NVD

Affected products (CPE)

Product	CPE
archer / c64	`cpe:2.3:a:archer:c64:v1:::::::*`