CVE-2026-15427
Received
Received - Intake
BaseFortify
Vulnerability report for CVE-2026-15427, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.
Publication date: 2026-07-14
Last updated on: 2026-07-14
Assigner: TPLink
Description
Description
An OS command
injection vulnerability exists in the TR-069 / CWMP management interface of Archer VX1800v v1 due to insufficient input validation and sanitization of
parameters, allowing crafted input to be executed as system-level commands.
Exploitation requires specific conditions such as TR-069 being enabled and ability
to influence ACS-delivered commands, compromise or control an ACS server.
Successful
exploitation may allow arbitrary command execution with root privileges,
resulting in complete compromise of the device.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| archer | vx1800v | 1 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-78 | The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component. |