Authenticated RCE Vulnerability Due to Buffer Overflow on TP-Link VIGI...

8.5 / 10

HIGH

CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Description

An authenticated buffer handling flaw in TP-Link VIGI C385 V1 Web API lacking input sanitization, may allow memory corruption leading to remote code execution. Authenticated attackers may trigger buffer overflow and potentially execute arbitrary code with elevated privileges.

Basic Information

ID CVE-2026-1457

Source TPLink

Published Jan 29, 2026 at 18:52

Affected Product

Vendor TP-Link Systems Inc.

Product VIGI C485 V1

Affected Versions TP-Link Systems Inc. VIGI C485 V1 0

CWE Classification

CWE-121

References

{
    "lastseen": "",
    "description": "An authenticated buffer handling flaw in TP-Link VIGI C385 V1 Web API lacking input sanitization, may allow memory corruption leading to remote code execution.\u00a0Authenticated attackers may trigger buffer overflow and potentially execute arbitrary code with elevated privileges.",
    "published": "2026-01-29T18:52:39.283Z",
    "modified": "2026-01-29T18:52:39.283Z",
    "type": "cve",
    "title": "Authenticated RCE Vulnerability Due to Buffer Overflow on TP-Link VIGI C385",
    "source": "TPLink",
    "references": "https://www.tp-link.com/en/support/download/vigi-c385/v1/#Firmware\nhttps://www.tp-link.com/kr/support/download/vigi-c385/v1/#Firmware\nhttps://www.tp-link.com/us/support/faq/4931/",
    "id": "CVE-2026-1457",
    "bulletinFamily": "",
    "cwe": [
        "CWE-121"
    ],
    "cvelist": null,
    "sourceData": "TP-Link Systems Inc. VIGI C485 V1 0",
    "sourceHref": "",
    "cvss": {
        "score": 8.5,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "VIGI C485 V1",
    "version": "0",
    "vendor": "TP-Link Systems Inc.",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Authenticated RCE Vulnerability Due to Buffer Overflow on TP-Link VIGI C385_CVE-2026-1457