CVE-2026-15429
MEDIUM
5.1
CVSS 4.0
Description
A privilege escalation vulnerability exists in the HTTP authentication component in Archer VX1800v v1. Improper handling of user-controlled input may allow newline characters to be injected into internally constructed configuration data.
An
authenticated user with sufficient privileges may be able to modify account
settings and gain elevated administrative privileges.
Metadata
Severity & Metrics
5.1
MEDIUM CVSS 4.0
CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
SSVC — CISA Coordinator
Affected products (1)
| Vendor | Product | Platform | Versions |
|---|---|---|---|
| TP-Link Systems Inc. | Archer VX1800v v1 | Linux | 0 < 0.16.0 2.0.0 v6092.0 Build 260521 RC.7927n |
Weakness (CWE)
| CWE | Source | Description |
|---|---|---|
| CWE-93 | cna | CWE-93 Improper neutralization of CRLF sequences ('CRLF injection') |
CVSS scores (1)
| Score | Severity | Version | Source | Vector |
|---|---|---|---|---|
| 5.1 | MEDIUM | 4.0 | cna | CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N |
References (2)