Home

Description

Improper Input Validation vulnerability in TP-Link Archer AXE75 v1.6 (vpn modules) allows an authenticated adjacent attacker to delete arbitrary server file, leading to possible loss of critical system files and service interruption or degraded functionality.This issue affects Archer AXE75 v1.6: ≤ build 20250107.

PUBLISHED Reserved 2025-12-22 | Published 2026-01-09 | Updated 2026-01-09 | Assigner TPLink




MEDIUM: 6.9CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N

Problem types

CWE-20 Improper Input Validation

Product status

Default status
unaffected

Any version
affected

Credits

Yiheng An, Zhibin Zhang, Haozhe Zhang finder

References

github.com/...ty-disclosures/tree/master/2025/PANW-2025-0004

www.tp-link.com/us/support/download/archer-axe75/v1/ patch

www.tp-link.com/en/support/download/archer-axe75/v1/ patch

www.tp-link.com/jp/support/download/archer-axe75/v1/ patch

www.tp-link.com/...ps://www.tp-link.com/en/support/faq/4881/ vendor-advisory

cve.org (CVE-2025-15035)

nvd.nist.gov (CVE-2025-15035)

Download JSON