Search
Find a vulnerability
Search criteria
6 vulnerabilities found for Archer VX1800v v1 by TP-Link Systems Inc.
CVE-2026-15429 (GCVE-0-2026-15429)
Vulnerability from nvd – Published: 2026-07-14 17:04 – Updated: 2026-07-15 03:59
VLAI
EPSS
VEX
Title
Privilege Escalation via Improper Input Sanitization in TP-Link Archer VX1800v
Summary
A privilege escalation vulnerability exists in the HTTP authentication component in Archer VX1800v v1. Improper handling of user-controlled input may allow newline characters to be injected into internally constructed configuration data.
An
authenticated user with sufficient privileges may be able to modify account
settings and gain elevated administrative privileges.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-93 - Improper neutralization of CRLF sequences ('CRLF injection')
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.tp-link.com/en/support/download/arche… | patch |
| https://www.tp-link.com/us/support/faq/5189/ | vendor-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| TP-Link Systems Inc. | Archer VX1800v v1 |
Affected:
0 , < 0.16.0 2.0.0 v6092.0 Build 260521 RC.7927n
(custom)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-15429",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-14T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-15T03:59:52.199Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Linux"
],
"product": "Archer VX1800v v1",
"vendor": "TP-Link Systems Inc.",
"versions": [
{
"lessThan": "0.16.0 2.0.0 v6092.0 Build 260521 RC.7927n",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Klamm9"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003eA privilege escalation vulnerability exists in the HTTP authentication component in Archer VX1800v v1. Improper handling of user-controlled input may allow newline characters to be injected into internally constructed configuration data.\u0026nbsp;\u003c/div\u003e\u003cp\u003e\n\n\u003c/p\u003e\u003cp\u003eAn\nauthenticated user with sufficient privileges may be able to modify account\nsettings and gain elevated administrative privileges.\u003c/p\u003e"
}
],
"value": "A privilege escalation vulnerability exists in the HTTP authentication component in Archer VX1800v v1. Improper handling of user-controlled input may allow newline characters to be injected into internally constructed configuration data.\u00a0\n\n\n\n\n\n\n\n\n\nAn\nauthenticated user with sufficient privileges may be able to modify account\nsettings and gain elevated administrative privileges."
}
],
"impacts": [
{
"capecId": "CAPEC-137",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-137 Parameter Injection"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "ADJACENT",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-93",
"description": "CWE-93 Improper neutralization of CRLF sequences (\u0027CRLF injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-14T17:04:06.888Z",
"orgId": "f23511db-6c3e-4e32-a477-6aa17d310630",
"shortName": "TPLink"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://www.tp-link.com/en/support/download/archer-vx1800v/#Firmware"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://www.tp-link.com/us/support/faq/5189/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Privilege Escalation via Improper Input Sanitization in TP-Link Archer VX1800v",
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "f23511db-6c3e-4e32-a477-6aa17d310630",
"assignerShortName": "TPLink",
"cveId": "CVE-2026-15429",
"datePublished": "2026-07-14T17:04:06.888Z",
"dateReserved": "2026-07-10T16:59:17.389Z",
"dateUpdated": "2026-07-15T03:59:52.199Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-15428 (GCVE-0-2026-15428)
Vulnerability from nvd – Published: 2026-07-14 17:03 – Updated: 2026-07-15 03:59
VLAI
EPSS
VEX
Title
OS Command Injection in TR-069 (CWMP) Management Interface in TP-Link Archer VX1800v
Summary
An OS
command injection vulnerability exists in Archer VX800v v1 due to insufficient input sanitization of
the domain name parameter. An adjacent attacker who can access the relevant
HTTP interface can modify the parameter to inject shell metacharacters, resulting
in arbitrary code execution with root privileges.
Successful
exploitation may allow remote code execution and complete compromise of the
device.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-78 - Improper neutralization of special elements used in an OS command ('OS command injection')
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.tp-link.com/en/support/download/arche… | patch |
| https://www.tp-link.com/us/support/faq/5189/ | vendor-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| TP-Link Systems Inc. | Archer VX1800v v1 |
Affected:
0 , < 0.16.0 2.0.0 v6092.0 Build 260521 RC.7927n
(custom)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-15428",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-14T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-15T03:59:51.416Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Linux"
],
"product": "Archer VX1800v v1",
"vendor": "TP-Link Systems Inc.",
"versions": [
{
"lessThan": "0.16.0 2.0.0 v6092.0 Build 260521 RC.7927n",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Klamm9"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAn OS\ncommand injection vulnerability exists in Archer VX800v v1 due to insufficient input sanitization of\nthe domain name parameter. An adjacent attacker who can access the relevant\nHTTP interface can modify the parameter to inject shell metacharacters, resulting\nin arbitrary code execution with root privileges.\u003c/p\u003e\u003cp\u003e\n\n\u003c/p\u003e\u003cp\u003eSuccessful\nexploitation may allow remote code execution and complete compromise of the\ndevice.\u003c/p\u003e"
}
],
"value": "An OS\ncommand injection vulnerability exists in Archer VX800v v1 due to insufficient input sanitization of\nthe domain name parameter. An adjacent attacker who can access the relevant\nHTTP interface can modify the parameter to inject shell metacharacters, resulting\nin arbitrary code execution with root privileges.\n\n\n\n\n\n\n\n\n\nSuccessful\nexploitation may allow remote code execution and complete compromise of the\ndevice."
}
],
"impacts": [
{
"capecId": "CAPEC-88",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-88 OS Command Injection"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "ADJACENT",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper neutralization of special elements used in an OS command (\u0027OS command injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-14T17:03:33.853Z",
"orgId": "f23511db-6c3e-4e32-a477-6aa17d310630",
"shortName": "TPLink"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://www.tp-link.com/en/support/download/archer-vx1800v/#Firmware"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://www.tp-link.com/us/support/faq/5189/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "OS Command Injection in TR-069 (CWMP) Management Interface in TP-Link Archer VX1800v",
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "f23511db-6c3e-4e32-a477-6aa17d310630",
"assignerShortName": "TPLink",
"cveId": "CVE-2026-15428",
"datePublished": "2026-07-14T17:03:33.853Z",
"dateReserved": "2026-07-10T16:59:16.057Z",
"dateUpdated": "2026-07-15T03:59:51.416Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-15427 (GCVE-0-2026-15427)
Vulnerability from nvd – Published: 2026-07-14 17:02 – Updated: 2026-07-15 03:59
VLAI
EPSS
VEX
Title
OS Command Injection in TR-069 (CWMP) Management Interface in TP-Link Archer VX1800v
Summary
An OS command
injection vulnerability exists in the TR-069 / CWMP management interface of Archer VX1800v v1 due to insufficient input validation and sanitization of
parameters, allowing crafted input to be executed as system-level commands.
Exploitation requires specific conditions such as TR-069 being enabled and ability
to influence ACS-delivered commands, compromise or control an ACS server.
Successful
exploitation may allow arbitrary command execution with root privileges,
resulting in complete compromise of the device.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-78 - Improper neutralization of special elements used in an OS command ('OS command injection')
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.tp-link.com/en/support/download/arche… | patch |
| https://www.tp-link.com/us/support/faq/5189/ | vendor-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| TP-Link Systems Inc. | Archer VX1800v v1 |
Affected:
0 , < 0.16.0 2.0.0 v6092.0 Build 260521 RC.7927n
(custom)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-15427",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-14T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-15T03:59:48.164Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Linux"
],
"product": "Archer VX1800v v1",
"vendor": "TP-Link Systems Inc.",
"versions": [
{
"lessThan": "0.16.0 2.0.0 v6092.0 Build 260521 RC.7927n",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Klamm9"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAn OS command\ninjection vulnerability exists in the TR-069 / CWMP management interface of Archer VX1800v v1 due to insufficient input validation and sanitization of\nparameters, allowing crafted input to be executed as system-level commands.\nExploitation requires specific conditions such as TR-069 being enabled and ability\nto influence ACS-delivered commands, compromise or control an ACS server.\u003c/p\u003e\n\n\u003cp\u003eSuccessful\nexploitation may allow arbitrary command execution with root privileges,\nresulting in complete compromise of the device.\u003c/p\u003e"
}
],
"value": "An OS command\ninjection vulnerability exists in the TR-069 / CWMP management interface of Archer VX1800v v1 due to insufficient input validation and sanitization of\nparameters, allowing crafted input to be executed as system-level commands.\nExploitation requires specific conditions such as TR-069 being enabled and ability\nto influence ACS-delivered commands, compromise or control an ACS server.\n\n\n\n\n\nSuccessful\nexploitation may allow arbitrary command execution with root privileges,\nresulting in complete compromise of the device."
}
],
"impacts": [
{
"capecId": "CAPEC-88",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-88 OS Command Injection"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper neutralization of special elements used in an OS command (\u0027OS command injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-14T17:02:50.086Z",
"orgId": "f23511db-6c3e-4e32-a477-6aa17d310630",
"shortName": "TPLink"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://www.tp-link.com/en/support/download/archer-vx1800v/#Firmware"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://www.tp-link.com/us/support/faq/5189/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "OS Command Injection in TR-069 (CWMP) Management Interface in TP-Link Archer VX1800v",
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "f23511db-6c3e-4e32-a477-6aa17d310630",
"assignerShortName": "TPLink",
"cveId": "CVE-2026-15427",
"datePublished": "2026-07-14T17:02:50.086Z",
"dateReserved": "2026-07-10T16:59:14.788Z",
"dateUpdated": "2026-07-15T03:59:48.164Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-15429 (GCVE-0-2026-15429)
Vulnerability from cvelistv5 – Published: 2026-07-14 17:04 – Updated: 2026-07-15 03:59
VLAI
EPSS
VEX
Title
Privilege Escalation via Improper Input Sanitization in TP-Link Archer VX1800v
Summary
A privilege escalation vulnerability exists in the HTTP authentication component in Archer VX1800v v1. Improper handling of user-controlled input may allow newline characters to be injected into internally constructed configuration data.
An
authenticated user with sufficient privileges may be able to modify account
settings and gain elevated administrative privileges.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-93 - Improper neutralization of CRLF sequences ('CRLF injection')
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.tp-link.com/en/support/download/arche… | patch |
| https://www.tp-link.com/us/support/faq/5189/ | vendor-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| TP-Link Systems Inc. | Archer VX1800v v1 |
Affected:
0 , < 0.16.0 2.0.0 v6092.0 Build 260521 RC.7927n
(custom)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-15429",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-14T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-15T03:59:52.199Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Linux"
],
"product": "Archer VX1800v v1",
"vendor": "TP-Link Systems Inc.",
"versions": [
{
"lessThan": "0.16.0 2.0.0 v6092.0 Build 260521 RC.7927n",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Klamm9"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003eA privilege escalation vulnerability exists in the HTTP authentication component in Archer VX1800v v1. Improper handling of user-controlled input may allow newline characters to be injected into internally constructed configuration data.\u0026nbsp;\u003c/div\u003e\u003cp\u003e\n\n\u003c/p\u003e\u003cp\u003eAn\nauthenticated user with sufficient privileges may be able to modify account\nsettings and gain elevated administrative privileges.\u003c/p\u003e"
}
],
"value": "A privilege escalation vulnerability exists in the HTTP authentication component in Archer VX1800v v1. Improper handling of user-controlled input may allow newline characters to be injected into internally constructed configuration data.\u00a0\n\n\n\n\n\n\n\n\n\nAn\nauthenticated user with sufficient privileges may be able to modify account\nsettings and gain elevated administrative privileges."
}
],
"impacts": [
{
"capecId": "CAPEC-137",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-137 Parameter Injection"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "ADJACENT",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-93",
"description": "CWE-93 Improper neutralization of CRLF sequences (\u0027CRLF injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-14T17:04:06.888Z",
"orgId": "f23511db-6c3e-4e32-a477-6aa17d310630",
"shortName": "TPLink"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://www.tp-link.com/en/support/download/archer-vx1800v/#Firmware"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://www.tp-link.com/us/support/faq/5189/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Privilege Escalation via Improper Input Sanitization in TP-Link Archer VX1800v",
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "f23511db-6c3e-4e32-a477-6aa17d310630",
"assignerShortName": "TPLink",
"cveId": "CVE-2026-15429",
"datePublished": "2026-07-14T17:04:06.888Z",
"dateReserved": "2026-07-10T16:59:17.389Z",
"dateUpdated": "2026-07-15T03:59:52.199Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-15428 (GCVE-0-2026-15428)
Vulnerability from cvelistv5 – Published: 2026-07-14 17:03 – Updated: 2026-07-15 03:59
VLAI
EPSS
VEX
Title
OS Command Injection in TR-069 (CWMP) Management Interface in TP-Link Archer VX1800v
Summary
An OS
command injection vulnerability exists in Archer VX800v v1 due to insufficient input sanitization of
the domain name parameter. An adjacent attacker who can access the relevant
HTTP interface can modify the parameter to inject shell metacharacters, resulting
in arbitrary code execution with root privileges.
Successful
exploitation may allow remote code execution and complete compromise of the
device.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-78 - Improper neutralization of special elements used in an OS command ('OS command injection')
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.tp-link.com/en/support/download/arche… | patch |
| https://www.tp-link.com/us/support/faq/5189/ | vendor-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| TP-Link Systems Inc. | Archer VX1800v v1 |
Affected:
0 , < 0.16.0 2.0.0 v6092.0 Build 260521 RC.7927n
(custom)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-15428",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-14T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-15T03:59:51.416Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Linux"
],
"product": "Archer VX1800v v1",
"vendor": "TP-Link Systems Inc.",
"versions": [
{
"lessThan": "0.16.0 2.0.0 v6092.0 Build 260521 RC.7927n",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Klamm9"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAn OS\ncommand injection vulnerability exists in Archer VX800v v1 due to insufficient input sanitization of\nthe domain name parameter. An adjacent attacker who can access the relevant\nHTTP interface can modify the parameter to inject shell metacharacters, resulting\nin arbitrary code execution with root privileges.\u003c/p\u003e\u003cp\u003e\n\n\u003c/p\u003e\u003cp\u003eSuccessful\nexploitation may allow remote code execution and complete compromise of the\ndevice.\u003c/p\u003e"
}
],
"value": "An OS\ncommand injection vulnerability exists in Archer VX800v v1 due to insufficient input sanitization of\nthe domain name parameter. An adjacent attacker who can access the relevant\nHTTP interface can modify the parameter to inject shell metacharacters, resulting\nin arbitrary code execution with root privileges.\n\n\n\n\n\n\n\n\n\nSuccessful\nexploitation may allow remote code execution and complete compromise of the\ndevice."
}
],
"impacts": [
{
"capecId": "CAPEC-88",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-88 OS Command Injection"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "ADJACENT",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper neutralization of special elements used in an OS command (\u0027OS command injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-14T17:03:33.853Z",
"orgId": "f23511db-6c3e-4e32-a477-6aa17d310630",
"shortName": "TPLink"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://www.tp-link.com/en/support/download/archer-vx1800v/#Firmware"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://www.tp-link.com/us/support/faq/5189/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "OS Command Injection in TR-069 (CWMP) Management Interface in TP-Link Archer VX1800v",
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "f23511db-6c3e-4e32-a477-6aa17d310630",
"assignerShortName": "TPLink",
"cveId": "CVE-2026-15428",
"datePublished": "2026-07-14T17:03:33.853Z",
"dateReserved": "2026-07-10T16:59:16.057Z",
"dateUpdated": "2026-07-15T03:59:51.416Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-15427 (GCVE-0-2026-15427)
Vulnerability from cvelistv5 – Published: 2026-07-14 17:02 – Updated: 2026-07-15 03:59
VLAI
EPSS
VEX
Title
OS Command Injection in TR-069 (CWMP) Management Interface in TP-Link Archer VX1800v
Summary
An OS command
injection vulnerability exists in the TR-069 / CWMP management interface of Archer VX1800v v1 due to insufficient input validation and sanitization of
parameters, allowing crafted input to be executed as system-level commands.
Exploitation requires specific conditions such as TR-069 being enabled and ability
to influence ACS-delivered commands, compromise or control an ACS server.
Successful
exploitation may allow arbitrary command execution with root privileges,
resulting in complete compromise of the device.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-78 - Improper neutralization of special elements used in an OS command ('OS command injection')
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.tp-link.com/en/support/download/arche… | patch |
| https://www.tp-link.com/us/support/faq/5189/ | vendor-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| TP-Link Systems Inc. | Archer VX1800v v1 |
Affected:
0 , < 0.16.0 2.0.0 v6092.0 Build 260521 RC.7927n
(custom)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-15427",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-14T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-15T03:59:48.164Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Linux"
],
"product": "Archer VX1800v v1",
"vendor": "TP-Link Systems Inc.",
"versions": [
{
"lessThan": "0.16.0 2.0.0 v6092.0 Build 260521 RC.7927n",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Klamm9"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAn OS command\ninjection vulnerability exists in the TR-069 / CWMP management interface of Archer VX1800v v1 due to insufficient input validation and sanitization of\nparameters, allowing crafted input to be executed as system-level commands.\nExploitation requires specific conditions such as TR-069 being enabled and ability\nto influence ACS-delivered commands, compromise or control an ACS server.\u003c/p\u003e\n\n\u003cp\u003eSuccessful\nexploitation may allow arbitrary command execution with root privileges,\nresulting in complete compromise of the device.\u003c/p\u003e"
}
],
"value": "An OS command\ninjection vulnerability exists in the TR-069 / CWMP management interface of Archer VX1800v v1 due to insufficient input validation and sanitization of\nparameters, allowing crafted input to be executed as system-level commands.\nExploitation requires specific conditions such as TR-069 being enabled and ability\nto influence ACS-delivered commands, compromise or control an ACS server.\n\n\n\n\n\nSuccessful\nexploitation may allow arbitrary command execution with root privileges,\nresulting in complete compromise of the device."
}
],
"impacts": [
{
"capecId": "CAPEC-88",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-88 OS Command Injection"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper neutralization of special elements used in an OS command (\u0027OS command injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-14T17:02:50.086Z",
"orgId": "f23511db-6c3e-4e32-a477-6aa17d310630",
"shortName": "TPLink"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://www.tp-link.com/en/support/download/archer-vx1800v/#Firmware"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://www.tp-link.com/us/support/faq/5189/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "OS Command Injection in TR-069 (CWMP) Management Interface in TP-Link Archer VX1800v",
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "f23511db-6c3e-4e32-a477-6aa17d310630",
"assignerShortName": "TPLink",
"cveId": "CVE-2026-15427",
"datePublished": "2026-07-14T17:02:50.086Z",
"dateReserved": "2026-07-10T16:59:14.788Z",
"dateUpdated": "2026-07-15T03:59:48.164Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}