CVE-2026-1457

EPSS 0.11%
Veröffentlicht 29.01.2026 18:52:39
Zuletzt bearbeitet 09.03.2026 17:36:37
Quelle f23511db-6c3e-4e32-a477-6aa17d
CVE-Watchlists
Login
Unerledigt
Login

An authenticated buffer handling flaw in TP-Link VIGI C385 V1 Web API lacking input sanitization, may allow memory corruption leading to remote code execution. Authenticated attackers may trigger buffer overflow and potentially execute arbitrary code with elevated privileges.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Tp-link ≫ Vigi C385 Firmware Version < 3.1.1

Tp-link ≫ Vigi C385 Version1.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.11%	0.296

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
f23511db-6c3e-4e32-a477-6aa17d310630	8.5	0	0	CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CWE-121 Stack-based Buffer Overflow

A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).

https://www.tp-link.com/en/support/download/vigi-c385/v1/#Firmware

Product

https://www.tp-link.com/kr/support/download/vigi-c385/v1/#Firmware

Product

https://www.tp-link.com/us/support/faq/4931/

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2026-1457

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-1457

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-1457

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2026-1457