
Description

An authenticated buffer handling flaw in the TP-Link VIGI C385 V1 Web API, which lacks input sanitization, may allow memory corruption leading to remote code execution. Authenticated attackers may trigger a buffer overflow and potentially execute arbitrary code with elevated privileges.

PUBLISHED Reserved 2026-01-26 | Published 2026-01-29 | Updated 2026-01-30 | Assigner TPLink




HIGH: 8.5 | CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Problem types

CWE-121 Stack-based Buffer Overflow

Product status

Default status: unaffected

Any version before 3.1.1 Build 251124 Rel.50371n: affected

Credits

SeonGoo Lee (classun9), MinSeong Kim (ii4gsp) of NSHC RedAlert Labs (finder)

References

www.tp-link.com/en/support/download/vigi-c385/v1/ (patch)

www.tp-link.com/kr/support/download/vigi-c385/v1/ (patch)

www.tp-link.com/us/support/faq/4931/ (vendor-advisory)

cve.org (CVE-2026-1457)

nvd.nist.gov (CVE-2026-1457)
