CVE-2026-9151
Deferred Deferred - Pending Action
Command Injection in TP-Link Archer AX Series Routers

Publication date: 2026-06-10

Last updated on: 2026-06-10

Assigner: TPLink

Description
An OS command injection vulnerability exists in the VPN module of TP-Link Archer AX12 v1, AX17 v1. AX18 v1, and AX1300 v1.6 routers. This vulnerability allows an adjacent, authenticated attacker to execute arbitrary commands on the device by importing a specially crafted VPN client configuration file. The issue stems from improper filtering of special characters.Β  Successful exploitation of this vulnerability may enable an attacker to gain full control of the affected device, potentially compromising configuration integrity, network security, and service availability.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-10
Last Modified
2026-06-10
Generated
2026-06-17
AI Q&A
2026-06-10
EPSS Evaluated
2026-06-16
NVD
CVE-2026-9151
EUVD
EUVD-2026-36078
Affected Vendors & Products
Showing 8 associated CPEs
Vendor Product Version / Range
tp-link archer_ax12 v1
tp-link archer_ax17 v1
tp-link archer_ax18 v1
tp-link archer_ax1300 v1.6
tp-link archer_ax12 1.5.0
tp-link archer_ax17 1.5.0
tp-link archer_ax18 1.5.0
tp-link archer_ax1300 1.5.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-78 The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-9151 is an OS command injection vulnerability found in the VPN module of several TP-Link Archer routers, including AX12 v1, AX17 v1, AX18 v1, and AX1300 v1.6. This vulnerability allows an adjacent, authenticated attacker to execute arbitrary commands on the device by importing a specially crafted VPN client configuration file. The root cause is improper filtering of special characters in the VPN configuration import process.

Successful exploitation of this vulnerability can give the attacker full control over the affected device.

Impact Analysis

Exploiting this vulnerability may allow an attacker to gain full control of the affected router device.

  • Compromise of configuration integrity
  • Compromise of network security
  • Disruption of service availability
Mitigation Strategies

To mitigate the CVE-2026-9151 vulnerability, users should immediately update their affected TP-Link Archer routers to the latest fixed firmware versions provided by TP-Link.

  • Apply the firmware update version 1.5.0 Build 20260605 or later for all affected models (AX12 v1, AX17 v1, AX18 v1, and AX1300 v1.6).
  • Download firmware updates only from the official TP-Link website to avoid unofficial or third-party firmware that may introduce additional risks.
  • Verify your hardware version before applying firmware updates.
  • Use a wired connection when performing firmware updates to prevent interruptions.
  • Avoid interrupting the firmware upgrade process to maintain device stability and security.
Compliance Impact

The provided information does not include any details on how CVE-2026-9151 affects compliance with common standards and regulations such as GDPR or HIPAA.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-9151. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart