Affected Vendors This Week
- TP-Link: 23 CVEs (1 critical, 22 high)
- Cisco: 5 CVEs (5 high/medium)
- Fortinet: 2 CVEs (1 critical, 1 low)
- Zyxel: 1 CVE (high)
- ASUS: 1 CVE (unrated)
This week brought 32 new router and network device CVEs, dominated by a critical SQL injection in Fortinet FortiClientEMS and a cascade of buffer overflow vulnerabilities in TP-Link products. One critical vulnerability demands immediate attention, and TP-Link users managing Archer AX53 devices should prioritize firmware updates.
Critical Priority: Fortinet FortiClientEMS SQL Injection
CVE-2026-21643 (CVSS 9.8) is the week's most severe issue: an unauthenticated attacker can exploit a SQL injection in Fortinet FortiClientEMS 7.4.4 to execute arbitrary code. This affects endpoint management deployments across enterprises. Action: if you run FortiClientEMS 7.4.4, patch immediately and review access logs for suspicious activity.
TP-Link: 23 Vulnerabilities Across Multiple Product Lines
TP-Link dominates this week's CVE count with 23 vulnerabilities, spanning smart home and networking gear. The issues break down into three major categories:
Certificate & Credential Exposure: CVE-2025-15557 (CVSS 8.8) affects Tapo H100 v1 and P100 v1 smart plugs. Because the devices validate certificates improperly, an on-path attacker on the same network can intercept and modify encrypted device-to-cloud communications. Additionally, CVE-2025-62501 (CVSS 8.1) in Archer AX53 v1.0 stems from an SSH host key misconfiguration, allowing attackers to extract device credentials via man-in-the-middle attacks.
Heap-Based Buffer Overflows: Eight high-severity heap-based buffer overflow vulnerabilities affect the tmpserver and tdpserver modules of the Archer AX53 v1.0: CVE-2025-62673, CVE-2025-58455, CVE-2025-59482, CVE-2025-59487, CVE-2025-61944, CVE-2025-61983, and others (all CVSS 8.0). They allow attackers on an adjacent network to trigger segmentation faults or potentially execute arbitrary code. Some require authentication; others do not.
Action for TP-Link Users: Check TP-Link's support portal immediately for Archer AX53 v1.0 and Tapo device firmware updates. If patches aren't yet available, isolate affected devices on separate network segments and restrict admin access. Monitor for suspicious network activity targeting these products.
Cisco: 5 CVEs Across Enterprise Management and Collaboration
CVE-2026-20098 (CVSS 8.8) in Cisco Meeting Management allows authenticated remote attackers to upload arbitrary files and execute commands through a certificate management vulnerability. CVE-2026-20119 (CVSS 7.5) affects TelePresence Collaboration Endpoints and RoomOS with a text rendering vulnerability.
Three medium-severity issues (CVE-2026-20111, CVE-2026-20123, and CVE-2026-20056) introduce stored XSS and information disclosure risks in Prime Infrastructure, EPNM, and Secure Web Appliance. These are lower priority but still warrant patching in your next change window.
Other Notable Issues
CVE-2025-11730 (Zyxel ATP, CVSS 7.2) is a post-authentication command injection in the Dynamic DNS CLI, and CVE-2026-25815 (Fortinet FortiOS through 7.6.6, CVSS 3.2) allows LDAP credentials stored in configuration files to be decrypted.
Bottom line: Prioritize patching TP-Link Archer AX53 and FortiClientEMS this week. Monitor Cisco and Zyxel support pages for updates, and test in your lab before production rollout.
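To turn this roundup into a patch list, the usual first step is matching your device inventory against the affected versions named above. The script below is an added example, not code from any vendor or from this newsletter: it transcribes the applicability rules for the CVEs whose affected versions the roundup states explicitly (exact versions such as FortiClientEMS 7.4.4, and the inclusive "through 7.6.6" range for FortiOS), runs them over a constructed sample inventory, and orders the findings by CVSS. It assumes matching by product name and version string only; it does not know about vendor fixed builds, so treat its output as a starting point for the vendor advisories.

```python
"""Triage a device inventory against this week's affected versions."""

# Applicability rules transcribed from the roundup above.
# Fields: CVE, product, exact affected version (or None),
# inclusive upper bound for "through X" ranges (or None), CVSS base score.
RULES = [
    ("CVE-2026-21643", "FortiClientEMS", "7.4.4", None, 9.8),
    ("CVE-2026-25815", "FortiOS", None, "7.6.6", 3.2),
    ("CVE-2025-15557", "Tapo H100", "v1", None, 8.8),
    ("CVE-2025-15557", "Tapo P100", "v1", None, 8.8),
    ("CVE-2025-62501", "Archer AX53", "v1.0", None, 8.1),
    ("CVE-2025-62673", "Archer AX53", "v1.0", None, 8.0),
]

# Constructed sample inventory: (hostname, product, firmware/version string).
INVENTORY = [
    ("ems-01", "FortiClientEMS", "7.4.4"),
    ("ems-02", "FortiClientEMS", "7.4.5"),   # not the affected release
    ("fw-edge", "FortiOS", "7.6.3"),         # inside "through 7.6.6"
    ("fw-lab", "FortiOS", "7.6.7"),          # above the range
    ("home-gw", "Archer AX53", "v1.0"),
    ("plug-kitchen", "Tapo P100", "v1.0"),
]

def parse_version(text):
    """'v1.0' -> (1,), '7.6.6' -> (7, 6, 6); trailing zeros dropped so v1 == v1.0."""
    parts = [int(p) for p in text.strip().lstrip("vV").split(".")]
    while len(parts) > 1 and parts[-1] == 0:
        parts.pop()
    return tuple(parts)

def priority(cvss):
    """CVSS v3 qualitative severity bands."""
    return "critical" if cvss >= 9.0 else "high" if cvss >= 7.0 else "medium" if cvss >= 4.0 else "low"

def rule_matches(rule, product, version):
    _cve, rule_product, exact, through, _cvss = rule
    if product != rule_product:
        return False
    v = parse_version(version)
    return v == parse_version(exact) if exact is not None else v <= parse_version(through)

def triage(inventory):
    """Return one finding per (device, CVE) match, highest CVSS first."""
    findings = [{"host": h, "product": p, "version": v, "cve": r[0], "cvss": r[4], "priority": priority(r[4])}
                for h, p, v in inventory for r in RULES if rule_matches(r, p, v)]
    return sorted(findings, key=lambda f: f["cvss"], reverse=True)

if __name__ == "__main__":
    for f in triage(INVENTORY):
        print(f"{f['priority']:8} {f['cvss']:4} {f['cve']}  {f['host']} ({f['product']} {f['version']})")
```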