CVE-2025-9961

Name of the Vulnerable Software and Affected Versions TP-Link AX10 versions prior to 1.2.1 TP-Link AX1500 versions prior to 1.3.11

Description A flaw exists in the CWMP (CWMP/TR-069) binary of TP-Link AX10 and AX1500 routers that could allow an authenticated attacker to remotely execute arbitrary code. Exploitation requires a Man-In-The-Middle (MITM) attack. The issue is due to a stack buffer overflow in the CWMP service, even with Address Space Layout Randomization (ASLR) and NX bit protections in place. Exploitation can be achieved using Return-Oriented Programming (ROP) techniques. Over 13,500 devices are estimated to be exposed. The vulnerability allows for remote code execution, potentially giving attackers full control of the affected devices.

Recommendations TP-Link AX10 versions prior to 1.2.1 should be updated to version 1.2.1 or later. TP-Link AX1500 versions prior to 1.3.11 should be updated to version 1.3.11 or later.