Security Advisory on Command Injection Vulnerability on TP-Link Archer AXE75 (CVE-2025-15568)
2738 Vulnerability and Impact Description:
CVE-2025-15568:
A command injection vulnerability was identified in the web module of Archer AXE75 v1.6/v1.0 router. An authenticated attacker with adjacent-network access may be able to perform remote code execution (RCE) when the router is configured with sysmode=ap. Successful exploitation results in root-level privileges and impacts confidentiality, integrity and availability of the device.
CVSS v4.0 Score: 8.5 / High
CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L
Affected Products/Versions and Fixes:
|
Affected Product Model |
Affected Version |
|
AXE75 v1.6/v1.0 |
< = 1.3.2 Build 20250107 |
Recommendations:
We strongly recommend that users with affected devices take the following actions:
- Download and update to the latest firmware version to fix the vulnerability.
US: Download for Archer AXE75 | TP-Link
EN: Download for Archer AXE75 | TP-Link
Disclaimer:
If you do not take all recommended actions, this vulnerability will remain. TP-Link cannot bear any responsibility for consequences that could have been avoided by following this advisory.
¿Es útil este artículo?
Tus comentarios nos ayudan a mejorar esta web.