Vigi C385 Firmware CVE-2026-1457
HIGHCVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
2DescriptionNVD
An authenticated buffer handling flaw in TP-Link VIGI C385 V1 Web API lacking input sanitization, may allow memory corruption leading to remote code execution. Authenticated attackers may trigger buffer overflow and potentially execute arbitrary code with elevated privileges.
AnalysisAI
Remote code execution in TP-Link VIGI C385 cameras results from improper input validation in the Web API that allows authenticated attackers to trigger buffer overflows and corrupt memory. An attacker with valid credentials can exploit this vulnerability to execute arbitrary code with elevated privileges on affected devices. …
Sign in for full analysis, threat intelligence, and remediation guidance.
RemediationAI
Within 24 hours: Inventory all TP-Link VIGI C385 V1 devices and restrict network access to administrative interfaces using firewall rules or air-gapping from untrusted networks. Within 7 days: Implement network segmentation to isolate camera systems on a dedicated VLAN with strict egress controls, and monitor for suspicious authentication patterns. …
Sign in for detailed remediation steps.
More from same product – last 7 days
An authentication logic vulnerability in multiple TP-Link range extenders allows an unauthenticated attacker on an adjac
Cleartext Bluetooth transmission in TP-Link Tapo L535E, P300, and D100C devices allows adjacent attackers to intercept a
Share
External POC / Exploit Code
Leaving vuln.today