PT-2026-58110 · Tp Link Systems · Archer Vx1800V V1
Klamm9
·
Published
2026-07-14
·
Updated
2026-07-14
·
CVE-2026-15428
CVSS v4.0
8.5
High
| Vector | AV:A/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
An OS
command injection vulnerability exists in Archer VX800v v1 due to insufficient input sanitization of
the domain name parameter. An adjacent attacker who can access the relevant
HTTP interface can modify the parameter to inject shell metacharacters, resulting
in arbitrary code execution with root privileges.
Successful
exploitation may allow remote code execution and complete compromise of the
device.
Fix
OS Command Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Archer Vx1800V V1