CVE-2025-9961

CVSS v2.0

9.0

Vector

AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions TP-Link AX10 versions prior to 1.2.1 TP-Link AX1500 versions prior to 1.3.11

Description A flaw exists in the CWMP (CWMP/TR-069) binary of TP-Link AX10 and AX1500 routers that could allow a remote attacker to execute arbitrary code. Exploitation requires authentication and can be conducted via a Man-In-The-Middle (MITM) attack. The issue is due to a buffer overflow when processing CWMP data without proper size validation. Over 13,500 devices are estimated to be exposed. The vulnerability bypasses Address Space Layout Randomization (ASLR) and can be exploited using Return-Oriented Programming (ROP) techniques.

Recommendations Update TP-Link AX10 routers to version 1.2.1 or later. Update TP-Link AX1500 routers to version 1.3.11 or later.

Fix

RCE

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-120

Related Identifiers

BDU:2025-10825

CVE-2025-9961

Affected Products

Ax10

Ax1500

CVE-2025-9961

Weakness Enumeration

Related Identifiers

Affected Products

References · 28