CVE-2025-9961
Authenticated RCE by CWMP binary
CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th
An authenticated attacker may remotely execute arbitrary code via the CWMP binary on the devices AX10 and AX1500. The exploit can only be conducted via a Man-In-The-Middle (MITM) attack. This issue affects AX10 V1/V1.2/V2/V2.6/V3/V3.6: before 1.2.1; AX1500 V1/V1.20/V1.26/V1.60/V1.80/V2.60/V3.6: before 1.3.11.
| CWE | CWE-120 |
| Vendor | tp-link systems inc. |
| Product | ax10 v1/v1.2/v2/v2.6/v3/v3.6 |
| Published | Sep 6, 2025 |
| Last Updated | Feb 26, 2026 |
Stay Ahead of the Next One
Get instant alerts for tp-link systems inc. ax10 v1/v1.2/v2/v2.6/v3/v3.6
Be the first to know when new unknown vulnerabilities affecting tp-link systems inc. ax10 v1/v1.2/v2/v2.6/v3/v3.6 are published — delivered to Slack, Telegram or Discord.
Get Free Alerts →
Free · No credit card · 60 sec setup
Affected Versions
TP-Link Systems Inc. / AX10 V1/V1.2/V2/V2.6/V3/V3.6
0 < 1.2.1
TP-Link Systems Inc. / AX1500 V1/V1.20/V1.26/V1.60/V1.80/V2.60/V3.6
0 < 1.3.11
References
blog.byteray.co.uk: https://blog.byteray.co.uk/zero-day-alert-automated-discovery-of-critical-cwmp-stack-overflow-in-tp-link-routers-0bc495a08679 tp-link.com: https://www.tp-link.com/us/support/faq/4647/ tp-link.com: https://www.tp-link.com/us/support/download/archer-ax10/ tp-link.com: https://www.tp-link.com/us/support/download/archer-ax1500/