CVE-2026-15428
Received Received - Intake

BaseFortify

Vulnerability report for CVE-2026-15428, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-14

Last updated on: 2026-07-14

Assigner: TPLink

Description

An OS command injection vulnerability exists in Archer VX800v v1 due to insufficient input sanitization of the domain name parameter. An adjacent attacker who can access the relevant HTTP interface can modify the parameter to inject shell metacharacters, resulting in arbitrary code execution with root privileges. Successful exploitation may allow remote code execution and complete compromise of the device.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-14
Last Modified
2026-07-14
Generated
2026-07-14
AI Q&A
2026-07-14
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
archer vx800v 1

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-78 The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

CVE-2026-15428 is an OS command injection vulnerability in Archer VX800v version 1. The issue arises due to insufficient input sanitization of the domain name parameter in an HTTP interface.

An adjacent attacker who can access the vulnerable HTTP interface can exploit this flaw by modifying the domain name parameter to include shell metacharacters. This allows the attacker to inject and execute arbitrary commands on the device with root privileges.

Successful exploitation of this vulnerability could lead to remote code execution, resulting in a complete compromise of the affected device.

Impact Analysis

If you are using the Archer VX800v v1 device, this vulnerability could have severe impacts, including:

  • Unauthorized remote code execution on the device, allowing an attacker to run malicious commands.
  • Complete compromise of the device, giving the attacker full control over its functions and data.
  • Potential access to sensitive information stored on or transmitted through the device.
  • Disruption of services or operations that rely on the device, leading to downtime or loss of functionality.

Since the attacker needs adjacent network access to exploit this vulnerability, the risk is higher in environments where the device is exposed to untrusted or shared networks.

Compliance Impact

This vulnerability could impact compliance with several standards and regulations, depending on the context in which the Archer VX800v v1 device is used:

  • GDPR (General Data Protection Regulation): If the device processes or stores personal data of EU citizens, a compromise could lead to unauthorized access or disclosure of this data. This may result in violations of GDPR requirements for data protection and breach notification.
  • HIPAA (Health Insurance Portability and Accountability Act): If the device is used in a healthcare environment to handle protected health information (PHI), exploitation of this vulnerability could lead to unauthorized access to PHI, violating HIPAA's security and privacy rules.
  • Other industry-specific standards (e.g., PCI DSS for payment card data): If the device is part of a system handling sensitive financial data, a compromise could violate requirements for securing such data.

Organizations using the affected device should assess their compliance obligations and take steps to mitigate the vulnerability to avoid potential regulatory penalties or legal consequences.

Detection Guidance

Detecting this vulnerability on your network or system involves checking for signs of exploitation or verifying if the vulnerable parameter is exposed. Since the vulnerability is in the domain name parameter of an HTTP interface on Archer VX800v v1, you can perform the following steps:

  • Inspect network traffic to the Archer VX800v device for unusual HTTP requests targeting the domain name parameter. Look for requests containing shell metacharacters (e.g., ;, |, &, $, >, <) in the parameter value.
  • Use a vulnerability scanner or network monitoring tool to check if the device is running the vulnerable version (Archer VX800v v1). Tools like Nmap or OpenVAS may help identify the device and its firmware version.
  • Manually test the HTTP interface by sending a benign request to the domain name parameter and observing the response. If the device processes the input without proper sanitization, it may indicate vulnerability. Example command (use with caution):
  • curl -v "http://<device-ip>/relevant-endpoint?domain=test;id"
  • Check device logs for unusual activity, such as unexpected command execution or errors related to the domain name parameter.

Note: Testing for this vulnerability should only be done in a controlled environment with proper authorization, as it may disrupt device functionality or trigger security alerts.

Mitigation Strategies

To mitigate this vulnerability, follow these immediate steps:

  • Restrict access to the HTTP interface of the Archer VX800v device. Ensure only trusted users or systems can interact with the interface, especially from adjacent networks.
  • Apply any available firmware updates or patches provided by the vendor for the Archer VX800v device. Since no resources are available, check the vendor's official website or support channels for updates.
  • If no patch is available, consider disabling the vulnerable HTTP interface or functionality until a fix is released. This may involve configuring the device to use alternative, secure methods for domain name resolution.
  • Monitor the device for signs of exploitation, such as unusual command execution or unauthorized access attempts. Enable logging and alerting for suspicious activity.
  • Implement network segmentation to isolate the Archer VX800v device from critical systems, reducing the potential impact of a successful exploit.
  • Review and enforce strict input validation for all parameters in the HTTP interface to prevent command injection attacks.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-15428. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart