Description
An OS command injection vulnerability exists in the VPN module of TP-Link Archer AX12 v1, AX17 v1, AX18 v1, and AX1300 v1.6 routers. The vulnerability allows an adjacent, authenticated attacker to execute arbitrary commands on the device by importing a specially crafted VPN client configuration file. The root cause is improper filtering of special characters in the imported configuration values. Successful exploitation may give an attacker full control of the affected device, compromising configuration integrity, network security, and service availability.
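The description identifies the weakness class (imported configuration values reaching a system command without adequate filtering) but, as a vulnerability record, does not show the vendor's code. The following is an added example, not TP-Link's firmware code, of how a VPN client configuration importer should handle such values: strict per-directive allowlists, a metacharacter backstop, and invocation of the client with an argument vector rather than a shell command string. The directive names (`remote`, `proto`), the client binary path `/usr/sbin/vpnclient`, and the sample configuration files are assumptions constructed for the example.

```python
import re
import subprocess

# Added example (not vendor code). Allowlists are the primary control; the
# metacharacter check is only a backstop for values that slip past them.
HOST_RE = re.compile(r"^[A-Za-z0-9](?:[A-Za-z0-9.-]{0,251}[A-Za-z0-9])?$")
PORT_RE = re.compile(r"^[0-9]{1,5}$")
PROTO_ALLOWED = {"udp", "tcp"}
SHELL_META = set(";|&$`<>(){}[]*?!#~\n\r'\"\\ \t")

# Hypothetical client binary; the real path depends on the firmware.
VPN_CLIENT = "/usr/sbin/vpnclient"

# Constructed sample inputs: a well-formed file and one carrying a
# shell metacharacter inside the host field.
SAMPLE_CONFIG_OK = "# client profile\nremote vpn.example.net 1194\nproto udp\n"
SAMPLE_CONFIG_BAD = "remote vpn.example.net;x 1194\nproto udp\n"


def has_shell_metachar(value: str) -> bool:
    """True if the value contains any character a shell would interpret."""
    return any(ch in SHELL_META for ch in value)


def validate_vpn_config(text: str) -> dict:
    """Parse a 'directive arg...' file into a dict, rejecting anything
    outside the allowlist. Raises ValueError on the first bad line."""
    cfg = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, *args = line.split()
        for arg in args:
            if has_shell_metachar(arg):
                raise ValueError(f"line {lineno}: metacharacter in {arg!r}")
        if key == "remote":
            if (len(args) != 2 or not HOST_RE.match(args[0])
                    or not PORT_RE.match(args[1])
                    or not 1 <= int(args[1]) <= 65535):
                raise ValueError(f"line {lineno}: bad remote {args!r}")
            cfg["remote"] = (args[0], args[1])
        elif key == "proto":
            if len(args) != 1 or args[0] not in PROTO_ALLOWED:
                raise ValueError(f"line {lineno}: bad proto {args!r}")
            cfg["proto"] = args[0]
        else:
            # Unknown directives are rejected, not passed through.
            raise ValueError(f"line {lineno}: unknown directive {key!r}")
    if "remote" not in cfg:
        raise ValueError("missing required 'remote' directive")
    return cfg


def build_vpn_argv(cfg: dict) -> list:
    """Build the client's argument vector. Each value is its own argv
    element, so it can never be reinterpreted as command syntax."""
    host, port = cfg["remote"]
    return [VPN_CLIENT, "--remote", host, "--port", port,
            "--proto", cfg.get("proto", "udp")]


def run_vpn_client(cfg: dict) -> int:
    """Launch the client without a shell (no shell=True, no string join)."""
    return subprocess.run(build_vpn_argv(cfg), check=False).returncode


if __name__ == "__main__":
    print(build_vpn_argv(validate_vpn_config(SAMPLE_CONFIG_OK)))
    try:
        validate_vpn_config(SAMPLE_CONFIG_BAD)
    except ValueError as exc:
        print("rejected:", exc)
```

The two controls are independent: even if the metacharacter set were incomplete, the host and port regexes still reject the second sample, and even if a bad value reached `build_vpn_argv`, the argv form means no shell ever parses it. A defender reviewing a VPN import handler should look for the absence of either layer, in particular for string-concatenated command lines.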
CVSS breakdown (CVSS 4.0)
- Attack Vector: Adjacent
- Attack Complexity: Low
- Attack Requirements: None
- Privileges Required: High
- User Interaction: None
- Confidentiality (Vulnerable System): High
- Integrity (Vulnerable System): High
- Availability (Vulnerable System): High
- Confidentiality (Subsequent System): Low
- Integrity (Subsequent System): Low
- Availability (Subsequent System): Low
Affected products
- TP-Link Systems Inc. / Archer AX12 V10 – V1_1.5.0 Build 20260605
- TP-Link Systems Inc. / Archer AX1300 v1.60 – V1_1.5.0 Build 20260605
- TP-Link Systems Inc. / Archer AX17 v10 – V1_1.5.0 Build 20260605
- TP-Link Systems Inc. / Archer AX18 v10 – V1_1.5.0 Build 20260605
References
- MISC https://www.tp-link.com/en/support/download/archer-ax17/#Firmware
- MISC https://www.tp-link.com/en/support/download/archer-ax12/#Firmware
- MISC https://www.tp-link.com/en/support/download/archer-ax18/#Firmware
- MISC https://www.tp-link.com/us/support/download/archer-ax1300/#Firmware
- MISC https://www.tp-link.com/us/support/faq/5125/