PT-2025-22127 · Tp Link · Tp-Link Archer C50
Published
2025-05-20
·
Updated
2025-07-04
·
CVE-2025-40634
CVSS v4.0
9.2
Critical
| Vector | AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
Name of the Vulnerable Software and Affected Versions:
TP-Link Archer AX50 versions prior to 1.0.15 build 241203 rel61480
Description:
The issue is a stack-based buffer overflow vulnerability in the 'conn-indicator' binary running as root on the TP-Link Archer AX50 router. This vulnerability allows an attacker to execute arbitrary code on the device over LAN and WAN networks.
Recommendations:
For versions prior to 1.0.15 build 241203 rel61480, update the firmware to version 1.0.15 build 241203 rel61480 or later to resolve the issue. As a temporary workaround, consider restricting access to the 'conn-indicator' binary until a patch is available.
Exploit
Fix
Stack Overflow
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Tp-Link Archer C50