Primary

Context

TP-Link VIGI C385 Buffer Overflow Vulnerability Leading to Authenticated Remote Code Execution

Vulnerability

A buffer handling vulnerability has been identified in the TP-Link VIGI C385 V1 Web API. This flaw arises from inadequate input sanitization, potentially allowing memory corruption that could lead to remote code execution. Authenticated attackers might exploit this buffer overflow to execute arbitrary code with elevated privileges.

Impact

Exploitation of this vulnerability could result in unauthorized remote code execution with elevated privileges on the affected device.

Remediation

Users are advised to update to the latest firmware version. The firmware can be downloaded from the TP-Link official website, specific to the region of purchase.

Added: Jan 29, 2026, 7:19 PM

Updated: Jan 29, 2026, 7:19 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

2.0

remediation

0.0

relevance

2.5

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

2.0

remediation

0.0

relevance

2.5

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

TP-Link VIGI C385 Buffer Overflow Vulnerability Leading to Authenticated Remote Code Execution

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating