CVE-2026-9151 HIGH

CVE-2026-9151: Command Injection Vulnerability in OpenVPN on Multiple TP-Link Archer Routers

Vendor Tp-Link Systems Inc.

Product Archer AX12 V1

Weakness CWE-78

Published June 10, 2026

Last update June 11, 2026

View on NVD All CVEs

CVSS base score

8.5/10

Attack vector Adjacent

Attack complexity Low

Privileges required High

User interaction None

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L

What the vulnerability does

01Description

An OS command injection vulnerability exists in the VPN module of TP-Link Archer AX12 v1, AX17 v1. AX18 v1, and AX1300 v1.6 routers. This vulnerability allows an adjacent, authenticated attacker to execute arbitrary commands on the device by importing a specially crafted VPN client configuration file. The issue stems from improper filtering of special characters. Successful exploitation of this vulnerability may enable an attacker to gain full control of the affected device, potentially compromising configuration integrity, network security, and service availability.

Key dates

02Disclosure timeline

June 10, 2026 CVE published

June 11, 2026 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2026-9151 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/78.html

Related vulnerabilities

Identifiers

CVE CVE-2026-9151

CWE CWE-78

CVSS 8.5 / HIGH

Affected versions

Vendor Tp-Link Systems Inc.

Product Archer AX12 V1

Affected < V1_1.5.0 Build 20260605

Vendor Tp-Link Systems Inc.

Product Archer AX18 v1

Affected < V1_1.5.0 Build 20260605

Vendor Tp Link Systems Inc.

Product Archer AX17 v1

Affected < V1_1.5.0 Build 20260605

Vendor Tp-Link Systems Inc.

Product Archer AX1300 v1.6

Affected < V1_1.5.0 Build 20260605

CVE-2026-9151: Command Injection Vulnerability in OpenVPN on Multiple TP-Link Archer Routers

01Description

02Disclosure timeline

03References

04Related CVE