OS Command Injection in TR-069 (CWMP) Management Interface in TP-Link Archer VX1800v
Summary
| CVE | CVE-2026-15428 |
|---|---|
| State | PUBLISHED |
| Assigner | TPLink |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2026-07-14 17:16:44 UTC |
| Updated | 2026-07-14 18:17:12 UTC |
| Description | An OS command injection vulnerability exists in Archer VX800v v1 due to insufficient input sanitization of the domain name parameter. An adjacent attacker who can access the relevant HTTP interface can modify the parameter to inject shell metacharacters, resulting in arbitrary code execution with root privileges. Successful exploitation may allow remote code execution and complete compromise of the device. |
Risk And Classification
Primary CVSS: v4.0 8.5 HIGH from f23511db-6c3e-4e32-a477-6aa17d310630
CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Problem Types: CWE-78 | CWE-78 CWE-78 Improper neutralization of special elements used in an OS command ('OS command injection')
| Version | Source | Type | Score | Severity | Vector |
|---|---|---|---|---|---|
| 4.0 | f23511db-6c3e-4e32-a477-6aa17d310630 | Secondary | 8.5 | HIGH | CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/C... |
| 4.0 | CNA | CVSS | 8.5 | HIGH | CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
CVSS v4.0 Breakdown
Attack Vector
AdjacentAttack Complexity
LowAttack Requirements
NonePrivileges Required
HighUser Interaction
NoneConfidentiality
HighIntegrity
HighAvailability
HighSub Conf.
NoneSub Integrity
NoneSub Availability
NoneCVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Vendor Declared Affected Products
| Source | Vendor | Product | Version | Platforms |
|---|---|---|---|---|
| CNA | TP-Link Systems Inc. | Archer VX1800v V1 | affected 0.16.0 2.0.0 v6092.0 Build 260521 RC.7927n custom | Linux |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| www.tp-link.com/us/support/faq/5189 | f23511db-6c3e-4e32-a477-6aa17d310630 | www.tp-link.com | |
| www.tp-link.com/en/support/download/archer-vx1800v | f23511db-6c3e-4e32-a477-6aa17d310630 | www.tp-link.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
Vendor Comments And Credit
Discovery Credit
CNA: Klamm9 (en)
There are currently no legacy QID mappings associated with this CVE.