QwikSec

Security Database

CVE

CWE

Training

CVE-2026-1457

Published: Jan 29, 2026

Modified: Feb 26, 2026

PUBLISHED

Description

An authenticated buffer handling flaw in TP-Link VIGI C385 V1 Web API lacking input sanitization, may allow memory corruption leading to remote code execution. Authenticated attackers may trigger buffer overflow and potentially execute arbitrary code with elevated privileges.

Vendor	Product	Versions
TP-Link Systems Inc.	VIGI C485 V1	affected `0 - < 3.1.1 Build 251124 Rel.50371n`

Weaknesses (CWE)

References

https://www.tp-link.com/en/support/download/vigi-c385/v1/#Firmware

patch

https://www.tp-link.com/kr/support/download/vigi-c385/v1/#Firmware

patch

https://www.tp-link.com/us/support/faq/4931/

vendor-advisory

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.