Home

Description

A privilege escalation vulnerability exists in the HTTP authentication component in Archer VX1800v v1. Improper handling of user-controlled input may allow newline characters to be injected into internally constructed configuration data. An authenticated user with sufficient privileges may be able to modify account settings and gain elevated administrative privileges.

PUBLISHED Reserved 2026-07-10 | Published 2026-07-14 | Updated 2026-07-14 | Assigner TPLink




MEDIUM: 5.1CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Problem types

CWE-93 Improper neutralization of CRLF sequences ('CRLF injection')

Product status

Default status
unaffected

Any version before 0.16.0 2.0.0 v6092.0 Build 260521 RC.7927n
affected

Credits

Klamm9 finder

References

www.tp-link.com/en/support/download/archer-vx1800v/ patch

www.tp-link.com/us/support/faq/5189/ vendor-advisory

cve.org (CVE-2026-15429)

nvd.nist.gov (CVE-2026-15429)

Download JSON