CVE-2026-1457 · HIGH 8.8 · EPSS p93.0%

Description

An authenticated buffer handling flaw in the TP-Link VIGI C385 V1 Web API, which lacks input sanitization, may allow memory corruption leading to remote code execution. Authenticated attackers may trigger a buffer overflow and potentially execute arbitrary code with elevated privileges.

Scoring

CVSS 3.1: 8.8 (HIGH)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 6.60% probability of exploitation · percentile 93.0% · 2026-06-19T12:03:05Z
Published: 2026-01-29
Last modified: 2026-03-09

Underlying weaknesses · 1

CWE-121

References

  1. https://www.tp-link.com/en/support/download/vigi-c385/v1/#Firmware
  2. https://www.tp-link.com/kr/support/download/vigi-c385/v1/#Firmware
  3. https://www.tp-link.com/us/support/faq/4931/

| Type | Target | Confidence | Tier |
| --- | --- | --- | --- |
| Weakness | Stack-based Buffer Overflow (cwe-121) | 0% | live |

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  1. CVE: CVE-2025-14737
  2. CVE: CVE-2026-1157
  3. CVE: TP-Link Archer AX-21 Command Injection Vulnerability
  4. CVE: CVE-2026-1156
  5. CVE: CVE-2026-0652
  6. CVE: CVE-2026-4976

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.