CVE-2026-15427
Gravedad CVSS v4.0:
ALTA
Tipo:
CWE-78
Neutralización incorrecta de elementos especiales usados en un comando de sistema operativo (Inyección de comando de sistema operativo)
Fecha de publicación:
14/07/2026
Última modificación:
14/07/2026
Descripción
*** Pendiente de traducción *** An OS command<br />
injection vulnerability exists in the TR-069 / CWMP management interface of Archer VX1800v v1 due to insufficient input validation and sanitization of<br />
parameters, allowing crafted input to be executed as system-level commands.<br />
Exploitation requires specific conditions such as TR-069 being enabled and ability<br />
to influence ACS-delivered commands, compromise or control an ACS server.<br />
<br />
<br />
<br />
<br />
<br />
Successful<br />
exploitation may allow arbitrary command execution with root privileges,<br />
resulting in complete compromise of the device.
Impacto
Puntuación base 4.0
8.60
Gravedad 4.0
ALTA



