Security Advisory: Multiple Vulnerabilities in TP-Link Archer VX1800v (CVE-2026-15427, CVE-2026-15428 & CVE-2026-15429)
Description of Vulnerabilities and Impacts:
Multiple vulnerabilities have been identified in Archer VX1800v v1.
CVE-2026-15427: OS Command Injection in TR-069 (CWMP) Management Interface
An OS command injection vulnerability exists in the TR-069 / CWMP management interface of the affected router due to insufficient input validation and sanitization of parameters, allowing crafted input to be executed as system-level commands. Exploitation requires specific conditions such as TR-069 being enabled and ability to influence ACS-delivered commands, compromise or control an ACS server.
Successful exploitation may allow arbitrary command execution with root privileges, resulting in complete compromise of the device.
CVSS v4.0 Score: 8.6/ High
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
CVE-2026-15428: OS Command Injection via Domain Name Configuration
An OS command injection vulnerability exists due to insufficient input sanitization of the domain name parameter. An adjacent attacker who can access the relevant HTTP interface can modify the parameter to inject shell metacharacters, resulting in arbitrary code execution with root privileges.
Successful exploitation may allow remote code execution and complete compromise of the device.
CVSS v4.0 Score: 8.5/ High
CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
CVE-2026-15429: Privilege Escalation via Improper Input Sanitization
A privilege escalation vulnerability exists in the HTTP authentication component. Improper handling of user-controlled input may allow newline characters to be injected into internally constructed configuration data.
An authenticated user with sufficient privileges may be able to modify account settings and gain elevated administrative privileges.
CVSS v4.0 Score: 5.1/ Medium
CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
Affected Products/Versions and Fixes:
|
Affected Product |
Affected Version |
|
Archer VX1800v V1 |
< 0.16.0 2.0.0 v6092.0 Build 260521 RC.7927n |
Recommendations:
We strongly recommend that users with affected devices take the following actions:
- Follow the instructions to update to the latest firmware version to fix the vulnerabilities:
EN: Download for Archer VX1800v | TP-Link
Note: Archer VX1800v is not sold in the U.S.
Disclaimer:
This advisory is provided for informational purposes only and is subject to change without notice. The information is provided “as is” without warranties of any kind. TP-Link recommends that customers promptly apply available firmware updates or implement documented workarounds as provided in this advisory. Devices/systems that are not updated or mitigated as described may remain vulnerable, and TP-Link disclaims any responsibility or liability for any damages or losses arising from a failure to implement such updates.
Looking For More
Is this faq useful?
Your feedback helps improve this site.
TP-Link Community
Still need help? Search for answers, ask questions, and get help from TP-Link experts and other users around the world.