Information Disclosure via Diagnostic Interface Due to Improper Input Validation...

4.6 / 10

MEDIUM

CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Description

In the web management interface of Archer AX72 (SG) v1, the network diagnostic feature improperly handles invalid user input, resulting in limited exposure of diagnostic command usage information.

An authenticated attacker with administrative privileges could exploit this issue to confirm the presence of the diagnostic utility and view its valid command-line syntax and options. The exposed information is limited in scope and does not include sensitive system data.

Basic Information

ID CVE-2026-5511

Source TPLink

Published May 19, 2026 at 15:58

Affected Product

Vendor TP-Link Systems Inc.

Product Archer AX72 (SG) v1.0

Affected Versions TP-Link Systems Inc. Archer AX72 (SG) v1.0 0

CWE Classification

CWE-209

References

{
    "lastseen": "",
    "description": "In the web management interface of Archer AX72 (SG) v1, the network diagnostic feature improperly handles invalid user input, resulting in limited exposure of diagnostic command usage information.\u00a0\n\n\nAn authenticated attacker with administrative privileges could exploit this issue to confirm the presence of the diagnostic utility and view its valid command-line syntax and options.\u00a0 The exposed information is limited in scope and does not include sensitive system data.",
    "published": "2026-05-19T15:58:46.404Z",
    "modified": "2026-05-19T15:58:46.404Z",
    "type": "cve",
    "title": "Information Disclosure via Diagnostic Interface Due to Improper Input Validation on TP-Link's Archer AX72",
    "source": "TPLink",
    "references": "https://www.tp-link.com/sg/support/download/archer-ax72/#Firmware\nhttps://www.tp-link.com/us/support/faq/5096/",
    "id": "CVE-2026-5511",
    "bulletinFamily": "",
    "cwe": [
        "CWE-209"
    ],
    "cvelist": null,
    "sourceData": "TP-Link Systems Inc. Archer AX72 (SG) v1.0 0",
    "sourceHref": "",
    "cvss": {
        "score": 4.6,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Archer AX72 (SG) v1.0",
    "version": "0",
    "vendor": "TP-Link Systems Inc.",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Information Disclosure via Diagnostic Interface Due to Improper Input Validation on TP-Link’s Archer AX72_CVE-2026-5511