Search
Find a vulnerability
Search criteria
2 vulnerabilities found for archer_ax72_firmware by tp-link
CVE-2026-5511 (GCVE-0-2026-5511)
Vulnerability from nvd – Published: 2026-05-19 15:58 – Updated: 2026-05-19 17:06
VLAI
EPSS
VEX
Title
Information Disclosure via Diagnostic Interface Due to Improper Input Validation on TP-Link's Archer AX72
Summary
In the web management interface of Archer AX72 (SG) v1, the network diagnostic feature improperly handles invalid user input, resulting in limited exposure of diagnostic command usage information.
An authenticated attacker with administrative privileges could exploit this issue to confirm the presence of the diagnostic utility and view its valid command-line syntax and options. The exposed information is limited in scope and does not include sensitive system data.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-209 - Generation of error message containing sensitive information
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.tp-link.com/sg/support/download/arche… | patch |
| https://www.tp-link.com/us/support/faq/5096/ | vendor-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| TP-Link Systems Inc. | Archer AX72 (SG) v1.0 |
Affected:
0 , < 1.4.6 Build 20260112 rel.66206
(custom)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-5511",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-19T17:05:56.109153Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-19T17:06:21.425Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Archer AX72 (SG) v1.0",
"vendor": "TP-Link Systems Inc.",
"versions": [
{
"lessThan": "1.4.6 Build 20260112 rel.66206",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "George Chen"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "In the web management interface of Archer AX72 (SG) v1, the network diagnostic feature improperly handles invalid user input, resulting in limited exposure of diagnostic command usage information.\u0026nbsp;\u003cdiv\u003e\u003cbr\u003e\u003c/div\u003e\u003cdiv\u003eAn authenticated attacker with administrative privileges could exploit this issue to confirm the presence of the diagnostic utility and view its valid command-line syntax and options.\u0026nbsp; The exposed information is limited in scope and does not include sensitive system data.\u003c/div\u003e"
}
],
"value": "In the web management interface of Archer AX72 (SG) v1, the network diagnostic feature improperly handles invalid user input, resulting in limited exposure of diagnostic command usage information.\u00a0\n\n\nAn authenticated attacker with administrative privileges could exploit this issue to confirm the presence of the diagnostic utility and view its valid command-line syntax and options.\u00a0 The exposed information is limited in scope and does not include sensitive system data."
}
],
"impacts": [
{
"capecId": "CAPEC-54",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-54 Query System for Information"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-209",
"description": "CWE-209 Generation of error message containing sensitive information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-19T15:58:46.404Z",
"orgId": "f23511db-6c3e-4e32-a477-6aa17d310630",
"shortName": "TPLink"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://www.tp-link.com/sg/support/download/archer-ax72/#Firmware"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://www.tp-link.com/us/support/faq/5096/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Information Disclosure via Diagnostic Interface Due to Improper Input Validation on TP-Link\u0027s Archer AX72",
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "f23511db-6c3e-4e32-a477-6aa17d310630",
"assignerShortName": "TPLink",
"cveId": "CVE-2026-5511",
"datePublished": "2026-05-19T15:58:46.404Z",
"dateReserved": "2026-04-03T17:31:05.618Z",
"dateUpdated": "2026-05-19T17:06:21.425Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-5511 (GCVE-0-2026-5511)
Vulnerability from cvelistv5 – Published: 2026-05-19 15:58 – Updated: 2026-05-19 17:06
VLAI
EPSS
VEX
Title
Information Disclosure via Diagnostic Interface Due to Improper Input Validation on TP-Link's Archer AX72
Summary
In the web management interface of Archer AX72 (SG) v1, the network diagnostic feature improperly handles invalid user input, resulting in limited exposure of diagnostic command usage information.
An authenticated attacker with administrative privileges could exploit this issue to confirm the presence of the diagnostic utility and view its valid command-line syntax and options. The exposed information is limited in scope and does not include sensitive system data.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-209 - Generation of error message containing sensitive information
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.tp-link.com/sg/support/download/arche… | patch |
| https://www.tp-link.com/us/support/faq/5096/ | vendor-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| TP-Link Systems Inc. | Archer AX72 (SG) v1.0 |
Affected:
0 , < 1.4.6 Build 20260112 rel.66206
(custom)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-5511",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-19T17:05:56.109153Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-19T17:06:21.425Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Archer AX72 (SG) v1.0",
"vendor": "TP-Link Systems Inc.",
"versions": [
{
"lessThan": "1.4.6 Build 20260112 rel.66206",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "George Chen"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "In the web management interface of Archer AX72 (SG) v1, the network diagnostic feature improperly handles invalid user input, resulting in limited exposure of diagnostic command usage information.\u0026nbsp;\u003cdiv\u003e\u003cbr\u003e\u003c/div\u003e\u003cdiv\u003eAn authenticated attacker with administrative privileges could exploit this issue to confirm the presence of the diagnostic utility and view its valid command-line syntax and options.\u0026nbsp; The exposed information is limited in scope and does not include sensitive system data.\u003c/div\u003e"
}
],
"value": "In the web management interface of Archer AX72 (SG) v1, the network diagnostic feature improperly handles invalid user input, resulting in limited exposure of diagnostic command usage information.\u00a0\n\n\nAn authenticated attacker with administrative privileges could exploit this issue to confirm the presence of the diagnostic utility and view its valid command-line syntax and options.\u00a0 The exposed information is limited in scope and does not include sensitive system data."
}
],
"impacts": [
{
"capecId": "CAPEC-54",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-54 Query System for Information"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-209",
"description": "CWE-209 Generation of error message containing sensitive information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-19T15:58:46.404Z",
"orgId": "f23511db-6c3e-4e32-a477-6aa17d310630",
"shortName": "TPLink"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://www.tp-link.com/sg/support/download/archer-ax72/#Firmware"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://www.tp-link.com/us/support/faq/5096/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Information Disclosure via Diagnostic Interface Due to Improper Input Validation on TP-Link\u0027s Archer AX72",
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "f23511db-6c3e-4e32-a477-6aa17d310630",
"assignerShortName": "TPLink",
"cveId": "CVE-2026-5511",
"datePublished": "2026-05-19T15:58:46.404Z",
"dateReserved": "2026-04-03T17:31:05.618Z",
"dateUpdated": "2026-05-19T17:06:21.425Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}