Cyber Resilience

CVE-2026-1457

High

Published: 29 January 2026

Published
29 January 2026
Modified
09 March 2026
KEV Added
Patch
CVSS Score v4 8.5 CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0660 93.0th percentile
Risk Priority 55 floored blend · peak EPSS

Summary

CVE-2026-1457 is a high-severity Stack-based Buffer Overflow (CWE-121) vulnerability in Tp-Link Vigi C385 Firmware. Its CVSS base score is 8.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 7.0% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2026-1457, published on 2026-01-29, is an authenticated buffer handling flaw classified under CWE-121 in the Web API of TP-Link VIGI C385 V1. The issue arises from insufficient input sanitization, enabling memory corruption via buffer overflow that could lead to remote code execution. It carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high severity due to its potential for significant impact.

Authenticated attackers with low privileges (PR:L) can exploit the vulnerability remotely over the network (AV:N) with low attack complexity (AC:L) and without requiring user interaction (UI:N). Exploitation triggers a buffer overflow, potentially allowing arbitrary code execution with elevated privileges and resulting in high impacts on confidentiality, integrity, and availability (C:H/I:H/A:H).

TP-Link provides mitigation through firmware updates for VIGI C385 V1, downloadable from https://www.tp-link.com/en/support/download/vigi-c385/v1/#Firmware, https://www.tp-link.com/kr/support/download/vigi-c385/v1/#Firmware, and related support resources including FAQ https://www.tp-link.com/us/support/faq/4931/. Security practitioners should apply these patches promptly to affected devices.

EU & UK References

Vulnerability details

An authenticated buffer handling flaw in TP-Link VIGI C385 V1 Web API lacking input sanitization, may allow memory corruption leading to remote code execution. Authenticated attackers may trigger buffer overflow and potentially execute arbitrary code with elevated privileges.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

Buffer overflow in Web API enables remote code execution from low-privileged access (T1190: Exploit Public-Facing Application) and escalation to elevated privileges (T1068: Exploitation for Privilege Escalation).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-30814Same vendor: Tp-Link
CVE-2025-15608Same vendor: Tp-Link
CVE-2024-57049Same vendor: Tp-Link
CVE-2024-10238Shared CWE-121
CVE-2026-0834Same vendor: Tp-Link
CVE-2026-34121Same vendor: Tp-Link
CVE-2025-25897Same vendor: Tp-Link
CVE-2025-32061Shared CWE-121
CVE-2025-9292Same vendor: Tp-Link
CVE-2026-32955Shared CWE-121

Affected Assets

tp-link
vigi c385 firmware
≤ 3.1.1

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly addresses the lacking input sanitization in the Web API that enables buffer overflow by validating all inputs to prevent memory corruption.

prevent

Requires timely remediation of identified flaws like this buffer handling vulnerability through firmware updates provided by the vendor.

prevent

Provides memory protection mechanisms such as ASLR and DEP to mitigate exploitation of buffer overflows even if input sanitization fails.

References