Zurück zur CVE-Übersicht
CVE-2025-15608
CRITICAL(9.8)CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Risk Signal Score25/100 — MITTEL
- CVSS 9.8 — Kritisch
EPSS-Score
1%
Exploit-Wahrscheinlichkeit (30 Tage)
CVSS Score
9.8
Technische Schwere
Beschreibung
This vulnerability in AX53 v1, AX55 v4 and AX55 v4.6 results from insufficient input sanitization in the device’s probe handling logic, where unvalidated parameters can trigger a stack-based buffer overflow that causes the affected service to crash and, under specific conditions, may enable remote code execution through complex heap-spray techniques. Successful exploitation may result in repeated service unavailability and, in certain scenarios, allow an attacker to gain control of the device.
Referenzen
- https://www.tp-link.com/en/support/download/archer-ax53/v1/#Firmware
- https://www.tp-link.com/en/support/download/archer-ax55/v4/
- https://www.tp-link.com/us/support/download/archer-ax55/v4.60/#Firmware
- https://www.tp-link.com/us/support/download/archer-ax55/v4/#Firmware
- https://www.tp-link.com/us/support/faq/5025/