CVE-2025-9961
8.6
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Summary
An authenticated attacker may remotely execute arbitrary code via the CWMP binary on the devices AX10 and AX1500.
The exploit can only be conducted via a Man-In-The-Middle (MITM) attack.
This issue affects AX10 V1/V1.2/V2/V2.6/V3/V3.6: before 1.2.1; AX1500 V1/V1.20/V1.26/V1.60/V1.80/V2.60/V3.6: before 1.3.11.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| TP-Link Systems Inc. | AX10 V1/V1.2/V2/V2.6/V3/V3.6 | 0 < 1.2.1 | affected |
| TP-Link Systems Inc. | AX1500 V1/V1.20/V1.26/V1.60/V1.80/V2.60/V3.6 | 0 < 1.3.11 | affected |
Weaknesses
- CWE-120: CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: poc
- Automatable: no
- Technical Impact: total
References
- https://blog.byteray.co.uk/zero-day-alert-automated-discovery-of-critical-cwmp-stack-overflow-in-tp-link-routers-0bc495a08679
- https://www.tp-link.com/us/support/faq/4647/
- https://www.tp-link.com/us/support/download/archer-ax10/
- https://www.tp-link.com/us/support/download/archer-ax1500/
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.