CVE-2026-1457

HIGH

TP-Link VIGI C385 V1 - Buffer Overflow

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2026-1457. PoCs published by XiaomingX, ii4gsp.

AI-analyzed exploit summary This repository provides a detailed technical analysis of CVE-2026-1457, an authenticated buffer overflow vulnerability in TP-Link VIGI C385 V1. It includes root cause analysis, vulnerable code snippets, and an HTTP request example for exploitation.

Description

An authenticated buffer handling flaw in TP-Link VIGI C385 V1 Web API lacking input sanitization, may allow memory corruption leading to remote code execution. Authenticated attackers may trigger buffer overflow and potentially execute arbitrary code with elevated privileges.

Exploits (2)

github WRITEUP 10 stars

by XiaomingX · pythonpoc

https://github.com/XiaomingX/data-cve-poc-py-v1/tree/main/2026/CVE-2026-1457

View Code ZIP pw:eip

This repository provides a detailed technical analysis of CVE-2026-1457, an authenticated buffer overflow vulnerability in TP-Link VIGI C385 V1. It includes root cause analysis, vulnerable code snippets, and an HTTP request example for exploitation.

Classification

Writeup 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: TP-Link VIGI C385 V1 < 3.1.1 Build 251124 Rel.50371n

Auth required

Prerequisites: Authenticated session (valid stok token) · Network access to the target device

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 27, 2026 Full analysis →

nomisec WRITEUP

by ii4gsp · poc

https://github.com/ii4gsp/CVE-2026-1457

View Code ZIP pw:eip

This repository provides a detailed technical analysis of CVE-2026-1457, an authenticated buffer overflow vulnerability in TP-Link VIGI C385 V1. It includes root cause analysis, code snippets, and an HTTP request example demonstrating the exploit.

Classification

Writeup 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: TP-Link VIGI C385 V1 < 3.1.1 Build 251124 Rel.50371n

Auth required

Prerequisites: Authenticated session (valid stok token) · Network access to the target device

MITRE ATT&CK

T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (3)

Core 3

Core References

Various Sources patch

https://www.tp-link.com/en/support/download/vigi-c385/v1/#Firmware

Various Sources patch

https://www.tp-link.com/kr/support/download/vigi-c385/v1/#Firmware

Various Sources vendor-advisory

https://www.tp-link.com/us/support/faq/4931/

Scores

CVSS v3 8.8

EPSS 0.0660

EPSS Percentile 93.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-121

Status published

Products (1)

tp-link/vigi_c385_firmware < 3.1.1

Published Jan 29, 2026

Tracked Since Feb 18, 2026