CVE-2026-1457

CVSS

No CVSS.

n authenticated buffer handling flaw in TP-Link VIGI C385 V1 Web API lacking input sanitization, may allow memory corruption leading to remote code execution. Authenticated attackers may trigger buffer overflow and potentially execute arbitrary code with elevated privileges.

References

Link	Resource
https://www.tp-link.com/en/support/download/vigi-c385/v1/#Firmware
https://www.tp-link.com/kr/support/download/vigi-c385/v1/#Firmware
https://www.tp-link.com/us/support/faq/4931/

Configurations

No configuration.

History

29 Jan 2026, 19:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-01-29 19:16

Updated : 2026-02-04 16:34

NVD link : CVE-2026-1457

Mitre link : CVE-2026-1457

CVE.ORG link : CVE-2026-1457

JSON object : View

Products Affected

No product.

CWE

CWE-121

Stack-based Buffer Overflow

{"id": "CVE-2026-1457", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "f23511db-6c3e-4e32-a477-6aa17d310630", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.5, "Automatable": "NOT_DEFINED", "attackVector": "ADJACENT", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "HIGH", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2026-01-29T19:16:19.160", "references": [{"url": "https://www.tp-link.com/en/support/download/vigi-c385/v1/#Firmware", "source": "f23511db-6c3e-4e32-a477-6aa17d310630"}, {"url": "https://www.tp-link.com/kr/support/download/vigi-c385/v1/#Firmware", "source": "f23511db-6c3e-4e32-a477-6aa17d310630"}, {"url": "https://www.tp-link.com/us/support/faq/4931/", "source": "f23511db-6c3e-4e32-a477-6aa17d310630"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "f23511db-6c3e-4e32-a477-6aa17d310630", "description": [{"lang": "en", "value": "CWE-121"}]}], "descriptions": [{"lang": "en", "value": "An authenticated buffer handling flaw in TP-Link VIGI C385 V1 Web API lacking input sanitization, may allow memory corruption leading to remote code execution.\u00a0Authenticated attackers may trigger buffer overflow and potentially execute arbitrary code with elevated privileges."}], "lastModified": "2026-02-04T16:34:21.763", "sourceIdentifier": "f23511db-6c3e-4e32-a477-6aa17d310630"}

CVE-2026-1457

JSON object

Attach tags to CVE-2026-1457

Attach tags to `CVE-2026-1457`