CVE-2025-9961

Summary

An authenticated attacker may remotely execute arbitrary code via the CWMP binary on the devices AX10 and AX1500. 

The exploit can only be conducted via a Man-In-The-Middle (MITM) attack. 

This issue affects AX10 V1/V1.2/V2/V2.6/V3/V3.6: before 1.2.1; AX1500 V1/V1.20/V1.26/V1.60/V1.80/V2.60/V3.6: before 1.3.11.

Affected Software

VendorProductVersion RangeStatus
TP-Link Systems Inc.AX10 V1/V1.2/V2/V2.6/V3/V3.60 < 1.2.1affected
TP-Link Systems Inc.AX1500 V1/V1.20/V1.26/V1.60/V1.80/V2.60/V3.60 < 1.3.11affected

Weaknesses

  • CWE-120: CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: total

References