HIGHCVE-2026-1457Published Modified CNA TPLink
CVE-2026-1457: Authenticated RCE Vulnerability Due to Buffer Overflow on TP-Link VIGI C385
An authenticated buffer handling flaw in TP-Link VIGI C385 V1 Web API lacking input sanitization, may allow memory corruption leading to remote code execution. Authenticated attackers may trigger buffer overflow and potentially execute arbitrary code with elevated privileges.
Metrics
- CVSS v4.0
- 8.5
- Severity
- HIGH
- Fixed in
- 3.1.1 Build 251124 Rel.50371n
- Affected Products
- 1
Affected packages
- TP-Link Systems Inc. / VIGI C485 V1< 3.1.1 Build 251124 Rel.50371n (from 0)
CVSS Vector
CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:NReferences