Home

Description

An authenticated attacker may remotely execute arbitrary code via the CWMP binary on the devices AX10 and AX1500.  The exploit can only be conducted via a Man-In-The-Middle (MITM) attack.  This issue affects AX10 V1/V1.2/V2/V2.6/V3/V3.6: before 1.2.1; AX1500 V1/V1.20/V1.26/V1.60/V1.80/V2.60/V3.6: before 1.3.11.

PUBLISHED Reserved 2025-09-03 | Published 2025-09-06 | Updated 2025-09-09 | Assigner TPLink




HIGH: 8.6CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Problem types

CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

Product status

Default status
unaffected

Any version before 1.2.1
affected

Default status
unaffected

Any version before 1.3.11
affected

References

blog.byteray.co.uk/...erflow-in-tp-link-routers-0bc495a08679

www.tp-link.com/us/support/faq/4647/ vendor-advisory

www.tp-link.com/us/support/download/archer-ax10/ patch

www.tp-link.com/us/support/download/archer-ax1500/ patch

cve.org (CVE-2025-9961)

nvd.nist.gov (CVE-2025-9961)

Download JSON