Vigi C385 Firmware
CVE-2026-1457
HIGH
Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
2DescriptionCVE.org
An authenticated buffer handling flaw in TP-Link VIGI C385 V1 Web API lacking input sanitization, may allow memory corruption leading to remote code execution. Authenticated attackers may trigger buffer overflow and potentially execute arbitrary code with elevated privileges.
AnalysisAI
Remote code execution in TP-Link VIGI C385 cameras results from improper input validation in the Web API that allows authenticated attackers to trigger buffer overflows and corrupt memory. An attacker with valid credentials can exploit this vulnerability to execute arbitrary code with elevated privileges on affected devices. No patch is currently available for this high-severity issue.
Technical ContextAI
Classified as CWE-121 (Stack-based Buffer Overflow). Affects Vigi C385 Firmware. An authenticated buffer handling flaw in TP-Link VIGI C385 V1 Web API lacking input sanitization, may allow memory corruption leading to remote code execution. Authenticated attackers may trigger buffer overflow and potentially execute arbitrary code with elevated privileges.
RemediationAI
Monitor vendor advisories for a patch. Enable ASLR, DEP/NX, and stack canaries where possible. Restrict network access to the affected service where possible.
Same weakness CWE-121 – Stack-based Buffer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today