Henri Nurmi

**Name of the Vulnerable Software and Affected Versions** TP-Link Archer AX12 v1 TP-Link Archer AX17 v1 TP-Link Archer AX18 v1 TP-Link Archer AX1300 v1.6 **Description** An OS command injection issue exists in the VPN module. This occurs due to improper filtering of special characters, allowing an adjacent, authenticated attacker to execute arbitrary commands on the device by importing a specially crafted VPN client configuration file. Successful exploitation may enable an attacker to gain full control of the device, potentially compromising configuration integrity, network security, and service availability. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.