RCE in Tp-link Systems Inc. Archer Vx1800v V1

CVE-2026-15428

An OS command injection vulnerability exists in Archer VX800v v1 due to insufficient input sanitization of the domain name parameter. An adjacent attacker who can access the relevant HTTP interface can modify the parameter to inject shell…

Vulnerability class: Command Injection (OS Command Injection)

Affected products

Weakness classification (CWE)

References