Vulnerability Description
An authenticated attacker may remotely execute arbitrary code via the CWMP binary on the devices AX10 and AX1500. The exploit can only be conducted via a Man-In-The-Middle (MITM) attack. This issue affects AX10 V1/V1.2/V2/V2.6/V3/V3.6: before 1.2.1; AX1500 V1/V1.20/V1.26/V1.60/V1.80/V2.60/V3.6: before 1.3.11.
Related Weaknesses (CWE)
References
- https://blog.byteray.co.uk/zero-day-alert-automated-discovery-of-critical-cwmp-s
- https://www.tp-link.com/us/support/download/archer-ax10/
- https://www.tp-link.com/us/support/download/archer-ax1500/
- https://www.tp-link.com/us/support/faq/4647/
FAQ
What is CVE-2025-9961?
CVE-2025-9961 is a documented vulnerability. An authenticated attacker may remotely execute arbitrary code via the CWMP binary on the devices AX10 and AX1500. The exploit can only be conducted via a Man-In-The-Middle (MITM) attack. This issu...
How severe is CVE-2025-9961?
CVSS scoring is not yet available for CVE-2025-9961. Check NVD for updates.
Is there a patch for CVE-2025-9961?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.