PT-2025-36367 · Ax10 +1

Byteray · Published 2025-09-06 · Updated 2025-12-05 · CVE-2025-9961

CVSS v2.0: 9.0
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions

TP-Link AX10 versions prior to 1.2.1
TP-Link AX1500 versions prior to 1.3.11

Description

A flaw exists in the CWMP (TR-069) binary of TP-Link AX10 and AX1500 routers that allows an authenticated attacker to remotely execute arbitrary code. Exploitation requires a Man-In-The-Middle (MITM) attack. The issue is a stack buffer overflow in the CWMP service, and Address Space Layout Randomization (ASLR) can potentially be bypassed through techniques like Return-to-libc (ret2libc). Over 13,500 devices are estimated to be exposed. The vulnerability is exploitable even with NX bit and ASLR protections in place, using Return-Oriented Programming (ROP) and existing one-day exploits. The vulnerable component is the cwmp binary.

Recommendations

TP-Link AX10 versions prior to 1.2.1: Update to version 1.2.1 or later.
TP-Link AX1500 versions prior to 1.3.11: Update to version 1.3.11 or later.

Fix

RCE

Buffer Overflow

Weakness Enumeration

Related Identifiers

BDU:2025-10825
CVE-2025-9961

Affected Products

Ax10
Ax1500