CVE-2026-1457

EPSS 0.11%
Veröffentlicht 29.01.2026 18:52:39
Zuletzt bearbeitet 09.03.2026 17:36:37
Quelle f23511db-6c3e-4e32-a477-6aa17d
CVE-Watchlists
Login
Unerledigt
Login

Authenticated RCE Vulnerability Due to Buffer Overflow on TP-Link VIGI C385

An authenticated buffer handling flaw in TP-Link VIGI C385 V1 Web API lacking input sanitization, may allow memory corruption leading to remote code execution. Authenticated attackers may trigger buffer overflow and potentially execute arbitrary code with elevated privileges.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 6

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Tp-link ≫ Vigi C385 Firmware Version < 3.1.1

Tp-link ≫ Vigi C385 Version1.0

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.11%	0.297

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
f23511db-6c3e-4e32-a477-6aa17d310630	8.5	0	0	CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CWE-121 Stack-based Buffer Overflow

A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).

https://www.tp-link.com/en/support/download/vigi-c385/v1/#Firmware

Product

https://www.tp-link.com/kr/support/download/vigi-c385/v1/#Firmware

Product

https://www.tp-link.com/us/support/faq/4931/

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2026-1457

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-1457

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-1457

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2026-1457