PatchSiren cyber security CVE debrief

CVE-2026-5511 TP-Link Systems Inc. CVE debrief

CVE-2026-5511 describes a limited information-disclosure issue in the web management interface of Archer AX72 (SG) v1. When invalid input is handled by the network diagnostic feature, an authenticated administrator can confirm that the diagnostic utility exists and view its command-line syntax and options. The published description states that the exposure is narrow and does not reveal sensitive system data.

Vendor: TP-Link Systems Inc.
Product: Archer AX72 (SG) v1.0
CVSS: MEDIUM 4.6
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-05-19
Original CVE updated: 2026-05-19
Advisory published: 2026-05-19
Advisory updated: 2026-05-19

Who should care

Administrators and security teams responsible for Archer AX72 (SG) v1 devices, especially environments that allow routine use of the router web management interface by privileged accounts.

Technical summary

The issue is an information disclosure weakness (CWE-209) in the network diagnostic feature of the router’s web interface. Under invalid-input conditions, the interface returns enough detail to reveal the presence of an internal diagnostic utility and its valid command-line usage. Exploitation requires an authenticated account with administrative privileges and does not, per the published description, expose sensitive system data.

Defensive priority

Medium. The impact is limited and requires high privileges, but it still leaks operational details from an administrative interface and should be remediated as part of router firmware hygiene.

Recommended defensive actions

Check the TP-Link Archer AX72 (SG) firmware support page for a vendor-fixed release and apply it when available.
Review who has administrative access to the device and remove any unnecessary privileged accounts.
Restrict router management access to trusted networks and management hosts only.
Monitor administrative web activity for unusual diagnostic-feature access or repeated invalid-input attempts.
If you cannot patch immediately, document the exposure and track the issue until vendor remediation is deployed.

Evidence notes

All substantive claims come from the supplied NVD record and TP-Link references. The NVD description says the flaw affects Archer AX72 (SG) v1, is triggered by invalid input in the network diagnostic feature, and allows an authenticated administrator to view diagnostic command usage information. The record also lists CWE-209 and a CVSS 4.6 Medium score. The TP-Link links point to the Archer AX72 firmware support page and a TP-Link FAQ, which are relevant vendor resources for remediation and product context. Vendor attribution is not treated as fully confirmed because the provided corpus marks it as low confidence.

Official resources

CVE-2026-5511 CVE record
CVE.org
CVE-2026-5511 NVD detail
NVD
Source item URL
nvd_modified
Source reference
f23511db-6c3e-4e32-a477-6aa17d310630
Source reference
f23511db-6c3e-4e32-a477-6aa17d310630

Published by the source on 2026-05-19. The record was modified later the same day. No KEV listing was provided in the supplied corpus.