CVE-2026-9151 – Command Injection Vulnerability in OpenVPN on Multiple TP-Link Archer Routers

CVE ID :CVE-2026-9151

Published : June 10, 2026, 6:17 p.m. | 1 hour ago

Description :An OS
command injection vulnerability exists in the VPN module of TP-Link Archer AX12
v1, AX17 v1. AX18 v1, and AX1300 v1.6 routers. This vulnerability allows an
adjacent, authenticated attacker to execute arbitrary commands on the device by
importing a specially crafted VPN client configuration file. The issue stems
from improper filtering of special characters. 

Successful
exploitation of this vulnerability may enable an attacker to gain full control
of the affected device, potentially compromising configuration integrity,
network security, and service availability.

Severity: 8.5 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more… 

نوشته های مشابه

CVE-2026-11626 – Local Privilege Escalation in Symantec Endpoint Protection macOS CleanWipe Removal Tool

CVE-2026-50639 – Metrics::Any::Adapter::SignalFx versions before 0.04 for Perl does not protect against metric injections

CVE-2026-50638 – Metrics::Any::Adapter::DogStatsd versions before 0.04 for Perl does not protect against metric injections

CVE-2026-50637 – Metrics::Any::Adapter::Statsd versions before 0.04 for Perl does not protect against metric injections