CVE-2026-5511

2.7 LOW

In the web management interface of Archer AX72 (SG) v1, the network diagnostic feature improperly handles invalid user input, resulting i...

Published: 2026-05-19 · Last updated: 2026-06-01

Severity and scoring

CVSS: 2.7 LOW
Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
CWE: CWE-209

Affected products

Vendor	Product
tp-link	archer_ax72_firmware

Description

In the web management interface of Archer AX72 (SG) v1, the network diagnostic feature improperly handles invalid user input, resulting in limited exposure of diagnostic command usage information. An authenticated attacker with administrative privileges could exploit this issue to confirm the presence of the diagnostic utility and view its valid command-line syntax and options. The exposed information is limited in scope and does not include sensitive system data.

Source: NVD

References

[NVD]https://nvd.nist.gov/vuln/detail/CVE-2026-5511
[Other]https://www.tp-link.com/sg/support/download/archer-ax72/#Firmware
[Vendor advisory]https://www.tp-link.com/us/support/faq/5096/

Related CVEs

Same vendor

CVE-2026-1871 — TP-Link Tapo C200 v5 contains a stack-based buffer overflow flaw in RTSP authentication handling due to improper validation of Authorizat... (6.5 MEDIUM)
CVE-2026-34127 — A stored cross-site scripting (XSS) vulnerability has been identified in the web management interface of TP-Link's TL-SG108PE v5 switch d... (4.8 MEDIUM)
CVE-2026-34126 — TP-Link has identified a vulnerability in Tapo L535E v1.0 and v3.0, Tapo P300 v1.0, and Tapo D100C v1.0, where Bluetooth communication du... (7.5 HIGH)
CVE-2026-8697 — Due to improper enforcement of authentication rate-limiting on a debug SSH service in Archer C64 v1, the SSH service allows unlimited aut... (8.8 HIGH)
CVE-2026-5509 — An authenticated command injection vulnerability exists in the Archer BE450 v1 and BE7200 v1 router that allows an administrator to execu... (7.2 HIGH)

Same CWE

CVE-2026-41730 — Spring Data REST serializes the full exception cause chain into HTTP error response bodies, potentially exposing persistence-layer intern... (5.3 MEDIUM)
CVE-2025-52611 — HCL iControl v4.0.0 was affected by Unhandled Exception - Stack Trace Disclosure vulnerability (3.1 LOW)
CVE-2025-52606 — HCL iControl was affected by Weak Input Validation vulnerability (4.3 MEDIUM)
CVE-2026-9794 — A flaw was found in Keycloak (5.3 MEDIUM)
CVE-2026-42459 — free5GC is an open-source implementation of the 5G core network (7.5 HIGH)