CVE-2026-15429
5.1
CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
Summary
A privilege escalation vulnerability exists in the HTTP authentication component in Archer VX1800v v1. Improper handling of user-controlled input may allow newline characters to be injected into internally constructed configuration data.
An authenticated user with sufficient privileges may be able to modify account settings and gain elevated administrative privileges.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| TP-Link Systems Inc. | Archer VX1800v v1 | 0 < 0.16.0 2.0.0 v6092.0 Build 260521 RC.7927n | affected |
Weaknesses
- CWE-93: CWE-93 Improper neutralization of CRLF sequences ('CRLF injection')
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
References
- https://www.tp-link.com/en/support/download/archer-vx1800v/#Firmware
- https://www.tp-link.com/us/support/faq/5189/
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.