A vulnerability was found in TP-Link Archer AX12 V1, Archer AX18 v1, Archer AX17 v1 and Archer AX1300 v1.6 up to 1.6 . It has been classified as critical . Affected by this vulnerability is an unknown functionality of the component VPN Module . This manipulation causes os command injection. The identification of this vulnerability is CVE-2026-9151 . The attack needs to be done within the local network. There is no exploit available.