Watching the Watchers: Rooting TP-Link VIGI Cameras via Stack Overflow
Vulnerability ID: CVE-2026-1457
CVSS Score: 8.5
Published: 2026-01-29
It is 2026, and apparently, we have learned nothing about memory safety. TP-Link's professional VIGI surveillance line falls victim to the oldest trick in the book: a stack-based buffer overflow in the Web API. This vulnerability allows an authenticated attacker on the local network to turn a security camera into a root-privileged pivot point.
TL;DR
Authenticated stack-based buffer overflow in TP-Link VIGI C385/C485 cameras allows adjacent attackers with admin credentials to execute arbitrary code as root. Patched in firmware 3.1.1 Build 251124.
Technical Details
- CVE ID: CVE-2026-1457
- CWE: CWE-121 (Stack-based Buffer Overflow)
- CVSS v4.0: 8.5 (High)
- Attack Vector: Adjacent Network
- Privileges Required: High (Admin)
- Impact: Remote Code Execution (Root)
- Status: Patched
Affected Systems
- TP-Link VIGI C385 V1 (< 3.1.1 Build 251124)
- TP-Link VIGI C485 V1 (< 3.1.1 Build 251124)
-
VIGI C385 V1: < 3.1.1 Build 251124 (Fixed in:
3.1.1 Build 251124) -
VIGI C485 V1: < 3.1.1 Build 251124 (Fixed in:
3.1.1 Build 251124)
Exploit Details
- N/A: No public PoC available as of late Jan 2026. Theoretical exploitation requires authentication.
Mitigation Strategies
- Firmware Update
- Network Segmentation
- Credential Management
- Input Validation Review
Remediation Steps:
- Identify VIGI C385 V1 and C485 V1 devices on the network.
- Download firmware 3.1.1 Build 251124 or later from the TP-Link support site.
- Apply the update via the Web GUI or VIGI Security Manager.
- Verify the update was successful by checking the 'System Info' page.
- Change all administrative passwords to strong, unique values.
References
Read the full report for CVE-2026-1457 on our website for more details including interactive diagrams and full exploit analysis.
Top comments (0)