PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-9151 TP-Link Systems Inc. CVE debrief

An OS command injection vulnerability exists in the VPN module of TP-Link Archer AX12 v1, AX17 v1, AX18 v1, and AX1300 v1.6 routers. This vulnerability allows an adjacent, authenticated attacker to execute arbitrary commands on the device by importing a specially crafted VPN client configuration file. The issue stems from improper filtering of special characters. Successful exploitation of this vulnerability may enable an attacker to gain full control of the affected device, potentially compromising configuration integrity, network security, and service availability.

Vendor: TP-Link Systems Inc.
Product: Archer AX12 V1
CVSS: HIGH 8.5
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-06-10
Original CVE updated: 2026-06-10
Advisory published: 2026-06-10
Advisory updated: 2026-06-10

Who should care

Administrators and users of the affected TP-Link Archer AX12 v1, AX17 v1, AX18 v1, and AX1300 v1.6 routers should review this vulnerability and apply the recommended defensive actions.

Technical summary

The vulnerability is caused by improper filtering of special characters in the VPN module of the affected routers. An adjacent, authenticated attacker can exploit this vulnerability by importing a specially crafted VPN client configuration file, allowing them to execute arbitrary commands on the device.
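Because the flaw is reached by importing a VPN client configuration file, an administrator can screen such files before they go anywhere near the router. The following pre-import check is an added example, not code from TP-Link or from the advisory; it assumes an OpenVPN-style text configuration (the page does not name the format), and the character set and the function name lint_vpn_config are illustrative choices.

```python
import re

# Assumption: characters a shell treats specially and that a plain directive
# argument or PEM body never needs. Quotes are allowed (OpenVPN uses them).
SHELL_META = re.compile(r"[;&|`$<>(){}\\]")
# Inline block tags such as <ca> ... </ca> are the only accepted use of < >.
BLOCK_TAG = re.compile(r"^<(/?)([A-Za-z0-9_-]+)>$")


def lint_vpn_config(text):
    """Return (line_number, first_token, detail) for each suspicious line."""
    findings, open_block = [], None
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line:
            continue
        tag = BLOCK_TAG.match(line)
        if tag:
            closing, name = tag.group(1), tag.group(2)
            if not closing:
                open_block = (lineno, name)
            elif open_block and open_block[1] == name:
                open_block = None
            else:
                findings.append((lineno, name, "unexpected closing tag"))
            continue
        # Comments and block bodies are checked too, since how the router's
        # parser treats them is unknown.
        bad = "".join(sorted(set(SHELL_META.findall(line))))
        if bad:
            findings.append((lineno, line.split()[0], bad))
    if open_block:
        findings.append((open_block[0], open_block[1], "unterminated block"))
    return findings


# Constructed test input, not a proof of concept for this CVE.
SAMPLE = """\
client
dev tun
remote vpn.example.net 1194
<ca>
-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQgUExBQ0VIT0xERVI=
-----END CERTIFICATE-----
</ca>
proto udp;placeholder
<cert>
Q09OU1RSVUNURUQ=
"""

if __name__ == "__main__":
    for finding in lint_vpn_config(SAMPLE):
        print(finding)
```

A clean result does not prove a file is safe on unpatched firmware; the check only rejects files that contain characters with no legitimate role in a client profile.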

Defensive priority

HIGH

Recommended defensive actions

  • Update the firmware of the affected routers to the latest version.
  • Restrict access to the VPN configuration page to only trusted users.
  • Monitor the router's logs for suspicious activity.

Evidence notes

The CVE record and NVD detail pages provide information on the vulnerability, including its CVSS score and weaknesses.

Official resources

CVE-2026-9151 was published on 2026-06-10T18:17:15.637Z and modified on 2026-06-10T19:41:25.327Z.