CVE-2025-15607

UNKNOWN 0.0

Authenticated Command Injection in mcsd Service of TP-Link Archer AX53

CVSS Score

0.0

EPSS Score

0.5%

EPSS Percentile

66th

A command injection vulnerability on AX53 v1 occurs in mscd debug functionality due to insufficient input handling, allowing log redirection to arbitrary files and concatenation of unvalidated file content into shell commands, enabling authenticated attackers to inject and execute arbitrary commands. Successful exploitation may allow execution of malicious commands and ultimately full control of the device.

CWE	CWE-77
Vendor	tp-link systems inc.
Product	ax53 v1
Published	Mar 20, 2026
Last Updated	Mar 23, 2026

Stay Ahead of the Next One

Get instant alerts for tp-link systems inc. ax53 v1

Be the first to know when new unknown vulnerabilities affecting tp-link systems inc. ax53 v1 are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

TP-Link Systems Inc. / AX53 v1

0 < 251029

References

NVD ↗ CVE.org ↗ EPSS Data ↗

tp-link.com: https://www.tp-link.com/en/support/download/archer-ax53/v1/#Firmware tp-link.com: https://www.tp-link.com/us/support/faq/5025/

Credits

samuzora