CVE-2026-15428
OS Command Injection in TR-069 (CWMP) Management Interface in TP-Link Archer VX1800v
CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th
An OS command injection vulnerability exists in Archer VX800v v1 due to insufficient input sanitization of the domain name parameter. An adjacent attacker who can access the relevant HTTP interface can modify the parameter to inject shell metacharacters, resulting in arbitrary code execution with root privileges. Successful exploitation may allow remote code execution and complete compromise of the device.
| CWE | CWE-78 |
| Vendor | tp-link systems inc. |
| Product | archer vx1800v v1 |
| Published | Jul 14, 2026 |
| Last Updated | Jul 15, 2026 |
Stay Ahead of the Next One
Get instant alerts for tp-link systems inc. archer vx1800v v1
Be the first to know when new unknown vulnerabilities affecting tp-link systems inc. archer vx1800v v1 are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
Affected Versions
TP-Link Systems Inc. / Archer VX1800v v1
0 < 0.16.0 2.0.0 v6092.0 Build 260521 RC.7927n
References
Credits
Klamm9