CVE-2026-5511
Information Disclosure in TP-Link Archer AX72
Publication date: 2026-05-19
Last updated on: 2026-05-19
Assigner: TPLink
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| tp-link | archer_ax72 | sg_1.4.6_build_20260112 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-209 | The product generates an error message that includes sensitive information about its environment, users, or associated data. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-5511 is an information disclosure vulnerability in the web management interface of the TP-Link Archer AX72 (SG) v1 router. Specifically, the network diagnostic feature improperly handles invalid user input, which allows an authenticated attacker with administrative privileges to confirm the presence of the diagnostic utility and view its valid command-line syntax and options.
The exposed information is limited and does not include sensitive system data.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The vulnerability in CVE-2026-5511 results in limited exposure of diagnostic command usage information to authenticated administrators. The exposed information does not include sensitive system data.
Because the information disclosed is limited and does not include sensitive data, the impact on compliance with common standards and regulations such as GDPR or HIPAA is likely minimal. However, any information disclosure vulnerability could potentially be a concern depending on the specific regulatory environment and risk assessment.
How can this vulnerability impact me? :
This vulnerability allows an authenticated attacker with administrative privileges to gain limited information about the diagnostic commands available on the device. While the information disclosed is limited to command usage and does not include sensitive system data, it could potentially aid an attacker in understanding the device's diagnostic capabilities.
The overall impact is considered medium severity with a CVSS v4.0 score of 4.6.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability involves the web management interface of the Archer AX72 (SG) v1 router and specifically the network diagnostic feature that improperly handles invalid user input. Detection would require verifying if an authenticated user with administrative privileges can access the diagnostic utility and view its command-line syntax and options.
There are no specific commands or network detection methods provided in the available information to detect this vulnerability on your system or network.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, it is strongly recommended to update the affected Archer AX72 (SG) v1 router to the latest firmware version SG 1.4.6 Build 20260112 rel.66206 or later.
This firmware update addresses the information disclosure issue by correcting the improper input validation in the network diagnostic feature.