NVD Vulnerability Detail

Search Exploit, PoC

NVD脆弱性検索トップ

->

NVD Vulnerability Detail

CVE-2026-9151

Summary	An OS command injection vulnerability exists in the VPN module of TP-Link Archer AX12 v1, AX17 v1. AX18 v1, and AX1300 v1.6 routers. This vulnerability allows an adjacent, authenticated attacker to execute arbitrary commands on the device by importing a specially crafted VPN client configuration file. The issue stems from improper filtering of special characters. Successful exploitation of this vulnerability may enable an attacker to gain full control of the affected device, potentially compromising configuration integrity, network security, and service availability.
Publication Date	June 11, 2026, 3:17 a.m.
Registration Date	June 11, 2026, 4:18 a.m.
Last Update	June 11, 2026, 3:17 a.m.

Related information, measures and tools

No	URL	refsource	タグ
1	https://www.tp-link.com/en/support/download/archer-ax12/#Firmware	f23511db-6c3e-4e32-a477-6aa17d310630
2	https://www.tp-link.com/en/support/download/archer-ax17/#Firmware	f23511db-6c3e-4e32-a477-6aa17d310630
3	https://www.tp-link.com/en/support/download/archer-ax18/#Firmware	f23511db-6c3e-4e32-a477-6aa17d310630
4	https://www.tp-link.com/us/support/download/archer-ax1300/#Firmware	f23511db-6c3e-4e32-a477-6aa17d310630
5	https://www.tp-link.com/us/support/faq/5125/	f23511db-6c3e-4e32-a477-6aa17d310630

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-78	OSコマンド・インジェクション	https://cwe.mitre.org/data/definitions/78.html