← Zuruck zu CVEs
CVE-2025-9961
N/ABeschreibung
An authenticated attacker may remotely execute arbitrary code via the CWMP binary on the devices AX10 and AX1500. The exploit can only be conducted via a Man-In-The-Middle (MITM) attack. This issue affects AX10 V1/V1.2/V2/V2.6/V3/V3.6: before 1.2.1; AX1500 V1/V1.20/V1.26/V1.60/V1.80/V2.60/V3.6: before 1.3.11.
CVE Details
CVSS v3.1 BewertungN/A
Veroffentlicht9/6/2025
Zuletzt geandert9/8/2025
Quellenvd
Honeypot-Sichtungen0
Schwachen (CWE)
CWE-120
Referenzen
https://blog.byteray.co.uk/zero-day-alert-automated-discovery-of-critical-cwmp-stack-overflow-in-tp-link-routers-0bc495a08679(f23511db-6c3e-4e32-a477-6aa17d310630)
https://www.tp-link.com/us/support/download/archer-ax10/(f23511db-6c3e-4e32-a477-6aa17d310630)
https://www.tp-link.com/us/support/download/archer-ax1500/(f23511db-6c3e-4e32-a477-6aa17d310630)
https://www.tp-link.com/us/support/faq/4647/(f23511db-6c3e-4e32-a477-6aa17d310630)
IOC Korrelationen
Keine Korrelationen erfasst
This product uses data from the NVD API but is not endorsed or certified by the NVD.