Affected Vendors This Week
- Cisco: 16 CVEs (2 critical, 3 high, 11 medium)
- TP-Link: 6 CVEs (1 high, 5 medium)
- SonicWall: 3 CVEs (1 medium, 2 low)
- Fortinet: 1 CVE (critical)
This week brings 26 new router and network appliance vulnerabilities, with three critical issues demanding immediate attention. Cisco dominates the disclosure volume, while authentication bypass and buffer overflow flaws in TP-Link equipment pose significant risks to device security.
Critical Vulnerabilities Requiring Immediate Action
Fortinet FortiClientEMS (CVE-2026-35616): An improper access control flaw in FortiClientEMS versions 7.4.5 through 7.4.6 allows unauthenticated attackers to execute arbitrary code via crafted requests. With a CVSS score of 9.8, this is among the most dangerous vulnerabilities this week. Organizations running these versions should prioritize patching immediately and consider restricting network access to EMS interfaces in the interim.
Cisco SSM On-Prem (CVE-2026-20160): A critical remote code execution vulnerability in Smart Software Manager On-Prem permits unauthenticated attackers to execute arbitrary commands on the underlying operating system (CVSS 9.8). This affects license management infrastructure and requires urgent patching. Check Cisco's security advisories for available updates.
Cisco IMC Authentication Bypass (CVE-2026-20093): The Integrated Management Controller's change-password functionality contains a critical authentication bypass (CVSS 9.8) that allows unauthenticated remote access. This is particularly dangerous for out-of-band management systems. Verify your IMC firmware version and apply patches immediately.
High-Severity Issues
TP-Link Tapo C520WS Authentication Bypass (CVE-2026-34121): HTTP request handling in the camera's DS configuration service contains an authentication bypass (CVSS 8.8) caused by inconsistent parsing and authorization logic. This allows attackers to bypass the device's security controls entirely. Firmware updates should be available from TP-Link.
Cisco IMC Command Injection (CVE-2026-20094): An authenticated attacker with only read-only privileges can perform command injection via the web-based management interface (CVSS 8.8). This represents a privilege-escalation risk and highlights the importance of least-privilege access controls on management interfaces.
Cisco EPNM Information Disclosure (CVE-2026-20155): The Evolved Programmable Network Manager allows authenticated users with low privileges to access sensitive information through its web interface (CVSS 8.0). Review user role assignments and ensure proper segmentation of management access.
Cisco SSM On-Prem Privilege Escalation (CVE-2026-20151): An authenticated attacker can escalate privileges on SSM On-Prem via the web interface (CVSS 7.3). Combined with CVE-2026-20160, this suggests broader security weaknesses in this product line.
TP-Link Tapo C520WS Buffer Overflow Cluster
Five medium-severity vulnerabilities affect TP-Link Tapo C520WS v2.6, all related to buffer handling and input validation:
- CVE-2026-34122: Stack-based buffer overflow in configuration handling (CVSS 6.5)
- CVE-2026-34118: Heap-based buffer overflow in HTTP POST parsing (CVSS 6.5)
- CVE-2026-34119: Heap-based overflow in segmented request handling (CVSS 6.5)
- CVE-2026-34120: Heap-based overflow in asynchronous video stream parsing (CVSS 6.5)
- CVE-2026-34124: Denial-of-service in HTTP path parsing (CVSS 6.5)
These indicate systematic input validation failures. Organizations deploying Tapo cameras should check for firmware updates and consider network segmentation to limit potential damage from exploitation.
Remaining Cisco Medium/Low Vulnerabilities
Cisco's remaining 8 CVEs (CVE-2026-20095, CVE-2026-20096, CVE-2026-20097, and others) are primarily medium-severity issues affecting IMC's web interface, most requiring authentication. While lower priority than the critical flaws, they should be addressed during regular patch windows.
SonicWall Email Security Issues
Three lower-severity vulnerabilities affect SonicWall Email Security appliances: stored XSS (CVE-2026-3468, CVSS 4.8), data corruption via input sanitization flaws (CVE-2026-3470, CVSS 3.8), and denial-of-service (CVE-2026-3469, CVSS 2.7). Apply these patches during standard maintenance cycles.
Action Items for This Week
- Today: Patch Fortinet FortiClientEMS 7.4.5–7.4.6 and Cisco SSM On-Prem if deployed
- This week: Update Cisco IMC and verify authentication bypass fixes are included
- This week: Check TP-Link for Tapo C520WS firmware updates, especially if cameras are internet-accessible
- Next week: Apply Cisco EPNM patches and review user privileges across management platforms
- Ongoing: Implement network segmentation for management interfaces and out-of-band access
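The action items above are a manual triage of this week's list by severity and exposure. The following script, added here as an example and not part of the original roundup, makes that triage repeatable: it maps CVSS v3.x base scores to their qualitative bands, assigns each finding a patch window (critical today, high this week, medium and low in the next maintenance cycle, pulled forward when the device is internet-exposed), and tallies findings per vendor so the header counts can be cross-checked. The CVE records are constructed from the identifiers and scores stated above; the `unauthenticated` and `internet_exposed` flags are illustrative assumptions supplied by the operator, not vendor data, and the roundup's unnamed Cisco CVEs are omitted.

```python
"""Patch-window triage for a weekly router/appliance CVE roundup (added example)."""
from dataclasses import dataclass
from typing import Dict, List


@dataclass(frozen=True)
class Finding:
    cve: str
    vendor: str
    product: str
    cvss: float
    unauthenticated: bool            # exploitable without credentials (assumed from the write-up)
    internet_exposed: bool = False   # deployment-specific assumption set by the operator


def severity(cvss: float) -> str:
    """Map a CVSS v3.x base score to its qualitative rating band."""
    if not 0.0 <= cvss <= 10.0:
        raise ValueError(f"CVSS score out of range: {cvss}")
    if cvss == 0.0:
        return "none"
    if cvss < 4.0:
        return "low"
    if cvss < 7.0:
        return "medium"
    if cvss < 9.0:
        return "high"
    return "critical"


WINDOWS = ["maintenance", "this_week", "today"]


def patch_window(f: Finding) -> str:
    """Assign a patch window: critical -> today, high -> this week,
    medium/low -> next maintenance window. Internet exposure pulls the
    window forward one step, and an unauthenticated flaw on an exposed
    interface is always treated as a same-day fix (assumed policy)."""
    idx = {"critical": 2, "high": 1, "medium": 0, "low": 0, "none": 0}[severity(f.cvss)]
    if f.internet_exposed:
        idx = min(idx + 1, len(WINDOWS) - 1)
        if f.unauthenticated:
            idx = len(WINDOWS) - 1
    return WINDOWS[idx]


def vendor_tally(findings: List[Finding]) -> Dict[str, Dict[str, int]]:
    """Count findings per vendor and severity band (for checking the header totals)."""
    tally: Dict[str, Dict[str, int]] = {}
    for f in findings:
        bands = tally.setdefault(f.vendor, {})
        bands[severity(f.cvss)] = bands.get(severity(f.cvss), 0) + 1
    return tally


def prioritized(findings: List[Finding]) -> List[Finding]:
    """Order findings for a patch plan: earliest window first, then highest CVSS, then CVE id."""
    rank = {w: i for i, w in enumerate(reversed(WINDOWS))}
    return sorted(findings, key=lambda f: (rank[patch_window(f)], -f.cvss, f.cve))


# Constructed from the roundup's stated identifiers and scores; flags are assumptions.
WEEKLY = [
    Finding("CVE-2026-35616", "Fortinet", "FortiClientEMS 7.4.5-7.4.6", 9.8, True),
    Finding("CVE-2026-20160", "Cisco", "SSM On-Prem", 9.8, True),
    Finding("CVE-2026-20093", "Cisco", "IMC", 9.8, True),
    Finding("CVE-2026-34121", "TP-Link", "Tapo C520WS", 8.8, True, internet_exposed=True),
    Finding("CVE-2026-20094", "Cisco", "IMC", 8.8, False),
    Finding("CVE-2026-20155", "Cisco", "EPNM", 8.0, False),
    Finding("CVE-2026-20151", "Cisco", "SSM On-Prem", 7.3, False),
    Finding("CVE-2026-34122", "TP-Link", "Tapo C520WS", 6.5, False, internet_exposed=True),
    Finding("CVE-2026-3468", "SonicWall", "Email Security", 4.8, False),
    Finding("CVE-2026-3470", "SonicWall", "Email Security", 3.8, False),
    Finding("CVE-2026-3469", "SonicWall", "Email Security", 2.7, False),
]

if __name__ == "__main__":
    for f in prioritized(WEEKLY):
        print(f"{patch_window(f):<12} {severity(f.cvss):<9} {f.cvss:>4} {f.cve} {f.vendor} {f.product}")
    print(vendor_tally(WEEKLY))
```

Flip `internet_exposed` on the records that match your own deployment; the tally for the named CVEs reproduces the SonicWall line of the header exactly and the critical/high portion of the Cisco line, which is a quick way to notice when a roundup's counts and its named entries disagree.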