Click to skip the navigation bar

Statement on Authenticated RCE by CWMP binary (CVE-2025-9961)

Security Advisory
Updated 09-06-2025 07:23:08 AM Number of views for this article229

Vulnerability Description:

An authenticated attacker may remotely execute arbitrary code via the CWMP binary on the devices AX10 and AX1500 series.

Impact:

This flaw will impact CWMP function, it is disabled by default.

The exploit can only be conducted via a Man-In-The-Middle (MITM) attack.

AX10 V1/V1.2/V2/V2.6/V3/V3.6:

https://www.tp-link.com/us/support/download/archer-ax10/#Firmware

AX1500 V1/V1.20/V1.26/V1.60/V1.80/V2.60/V3.6

https://www.tp-link.com/us/support/download/archer-ax1500/#Firmware

CVSS v4.0 Score: 8.6 / High

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Products/Versions and Fixes:

Affected Product Model

Related Vulnerabilities

Affected Version

Fixed Version

AX10 V1/V1.2/V2/V2.6/V3/V3.6

CVE-2025-9961

Firmware <1.2.1

Firmware >= 1.2.1

AX1500 V1/V1.20/V1.26/V1.60/V1.80/V2.60/V3.6

CVE-2025-9961

Firmware < 1.3.11

Firmware >= 1.3.12

Recommendation(s):

We strongly recommended that users with the affected device(s) take the following action(s):

  1. Update to the latest firmware to fix the vulnerabilities.

Disclaimer:

If you do not take the recommended action(s) stated above, this vulnerability concern will remain. TP-Link cannot bear any responsibility for the consequences that could have been avoided by following the recommended action(s) in this statement.

Looking for More

Is this faq useful?

Your feedback helps improve this site.

Community

TP-Link Community

Still need help? Search for answers, ask questions, and get help from TP-Link experts and other users around the world.

Visit the Community >