An OS command
injection vulnerability exists in the TR-069 / CWMP management interface of Archer VX1800v v1 due to insufficient input validation and sanitization of
parameters, allowing crafted input to be executed as system-level commands.
Exploitation requires specific conditions such as TR-069 being enabled and ability
to influence ACS-delivered commands, compromise or control an ACS server.
Successful
exploitation may allow arbitrary command execution with root privileges,
resulting in complete compromise of the device.
injection vulnerability exists in the TR-069 / CWMP management interface of Archer VX1800v v1 due to insufficient input validation and sanitization of
parameters, allowing crafted input to be executed as system-level commands.
Exploitation requires specific conditions such as TR-069 being enabled and ability
to influence ACS-delivered commands, compromise or control an ACS server.
Successful
exploitation may allow arbitrary command execution with root privileges,
resulting in complete compromise of the device.
Project Subscriptions
No data.
Advisories
No advisories yet.
Fixes
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
References
History
Tue, 14 Jul 2026 17:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | An OS command injection vulnerability exists in the TR-069 / CWMP management interface of Archer VX1800v v1 due to insufficient input validation and sanitization of parameters, allowing crafted input to be executed as system-level commands. Exploitation requires specific conditions such as TR-069 being enabled and ability to influence ACS-delivered commands, compromise or control an ACS server. Successful exploitation may allow arbitrary command execution with root privileges, resulting in complete compromise of the device. | |
| Title | OS Command Injection in TR-069 (CWMP) Management Interface in TP-Link Archer VX1800v | |
| Weaknesses | CWE-78 | |
| References |
| |
| Metrics |
cvssV4_0
|
Projects
Sign in to view the affected projects.
Status: PUBLISHED
Assigner: TPLink
Published:
Updated: 2026-07-14T17:48:27.176Z
Reserved: 2026-07-10T16:59:14.788Z
Link: CVE-2026-15427
No data.
No data.
No data.
OpenCVE Enrichment
No data.
Weaknesses