Click to skip the navigation bar

Security Advisory: Multiple Vulnerabilities in TP-Link Archer VX1800v (CVE-2026-15427, CVE-2026-15428 & CVE-2026-15429)

Security Advisory
Last updated: July 14, 2026

Description of Vulnerabilities and Impacts:

Multiple vulnerabilities have been identified in Archer VX1800v v1.

CVE-2026-15427: OS Command Injection in TR-069 (CWMP) Management Interface

An OS command injection vulnerability exists in the TR-069 / CWMP management interface of the affected router due to insufficient input validation and sanitization of parameters, allowing crafted input to be executed as system-level commands. Exploitation requires specific conditions such as TR-069 being enabled and ability to influence ACS-delivered commands, compromise or control an ACS server.

Successful exploitation may allow arbitrary command execution with root privileges, resulting in complete compromise of the device.

CVSS v4.0 Score: 8.6/ High

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

CVE-2026-15428: OS Command Injection via Domain Name Configuration

An OS command injection vulnerability exists due to insufficient input sanitization of the domain name parameter. An adjacent attacker who can access the relevant HTTP interface can modify the parameter to inject shell metacharacters, resulting in arbitrary code execution with root privileges.

Successful exploitation may allow remote code execution and complete compromise of the device.

CVSS v4.0 Score: 8.5/ High

CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

CVE-2026-15429: Privilege Escalation via Improper Input Sanitization

A privilege escalation vulnerability exists in the HTTP authentication component. Improper handling of user-controlled input may allow newline characters to be injected into internally constructed configuration data.

An authenticated user with sufficient privileges may be able to modify account settings and gain elevated administrative privileges.

CVSS v4.0 Score: 5.1/ Medium

CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Affected Products/Versions and Fixes:

Affected Product

Affected Version

Archer VX1800v V1

< 0.16.0 2.0.0 v6092.0 Build 260521 RC.7927n

Recommendations:

We strongly recommend that users with affected devices take the following actions:

  1. Follow the instructions to update to the latest firmware version to fix the vulnerabilities:

EN: Download for Archer VX1800v | TP-Link

Note: Archer VX1800v is not sold in the U.S.

Disclaimer:

This advisory is provided for informational purposes only and is subject to change without notice. The information is provided “as is” without warranties of any kind. TP-Link recommends that customers promptly apply available firmware updates or implement documented workarounds as provided in this advisory. Devices/systems that are not updated or mitigated as described may remain vulnerable, and TP-Link disclaims any responsibility or liability for any damages or losses arising from a failure to implement such updates.

Related FAQs

Looking For More

Is this faq useful?

Your feedback helps improve this site.

Community

TP-Link Community

Still need help? Search for answers, ask questions, and get help from TP-Link experts and other users around the world.

Visit the Community >