CVE-2026-15428

EUVD-2026-43963
An OS
command injection vulnerability exists in Archer VX800v v1 due to insufficient input sanitization of
the domain name parameter. An adjacent attacker who can access the relevant
HTTP interface can modify the parameter to inject shell metacharacters, resulting
in arbitrary code execution with root privileges.









Successful
exploitation may allow remote code execution and complete compromise of the
device.
OS Command Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
UNKNOWN
---