๐Ÿ” CVE Alert

CVE-2026-15428

UNKNOWN 0.0

OS Command Injection in TR-069 (CWMP) Management Interface in TP-Link Archer VX1800v

CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th

An OS command injection vulnerability exists in Archer VX800v v1 due to insufficient input sanitization of the domain name parameter. An adjacent attacker who can access the relevant HTTP interface can modify the parameter to inject shell metacharacters, resulting in arbitrary code execution with root privileges. Successful exploitation may allow remote code execution and complete compromise of the device.

CWE CWE-78
Vendor tp-link systems inc.
Product archer vx1800v v1
Published Jul 14, 2026
Last Updated Jul 15, 2026
Stay Ahead of the Next One

Get instant alerts for tp-link systems inc. archer vx1800v v1

Be the first to know when new unknown vulnerabilities affecting tp-link systems inc. archer vx1800v v1 are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

Affected Versions

TP-Link Systems Inc. / Archer VX1800v v1
0 < 0.16.0 2.0.0 v6092.0 Build 260521 RC.7927n

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
tp-link.com: https://www.tp-link.com/en/support/download/archer-vx1800v/#Firmware tp-link.com: https://www.tp-link.com/us/support/faq/5189/

Credits

Klamm9