Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

CVE-2026-15427

Gravedad CVSS v4.0:
ALTA
Tipo:
CWE-78 Neutralización incorrecta de elementos especiales usados en un comando de sistema operativo (Inyección de comando de sistema operativo)
Fecha de publicación:
14/07/2026
Última modificación:
14/07/2026

Descripción

*** Pendiente de traducción *** An OS command<br /> injection vulnerability exists in the TR-069 / CWMP management interface of Archer VX1800v v1 due to insufficient input validation and sanitization of<br /> parameters, allowing crafted input to be executed as system-level commands.<br /> Exploitation requires specific conditions such as TR-069 being enabled and ability<br /> to influence ACS-delivered commands, compromise or control an ACS server.<br /> <br /> <br /> <br /> <br /> <br /> Successful<br /> exploitation may allow arbitrary command execution with root privileges,<br /> resulting in complete compromise of the device.