Security Advisory on Arbitrary File Deletion Vulnerability in TP-Link Archer AXE75 (CVE-2025-15035)
1922 Vulnerability Description:
Improper Input Validation vulnerability in TP-Link Archer AXE75 v1.6 (vpn modules) allows an authenticated adjacent attacker to delete arbitrary server file.
Impacts:
This vulnerability may lead to:
- Loss of critical system files, compromising system integrity.
- Service interruption or degraded functionality due to deletion of configuration or operational files.
CVSS v4.0 Score: 6.9 / Medium
CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N
Affected Products/Versions and Fixes:
|
Affected Product Model |
Related Vulnerabilities |
Affected Version |
|
Archer AXE75 v1.6 |
CVE-2025-15035 |
≤ build 20250107 |
Recommendation(s):
We strongly recommend that users with the affected device(s) take the following action(s):
- Download and update to the latest firmware version to fix these vulnerabilities:
US: https://www.tp-link.com/us/support/download/archer-axe75/v1/#Firmware
EN: https://www.tp-link.com/en/support/download/archer-axe75/v1/#Firmware
JP: Archer AXE75 のコンテンツ | TP-Link 日本
Disclaimer:
If you do not take the recommended actions stated above, this vulnerability concern will remain. TP-Link cannot bear any responsibility for the consequences that could have been avoided by following the recommended actions in this statement.
這篇faq是否有用?
您的反饋將幫助我們改善網站