CVE-2025-15608

EUVD-2025-208907

20.03.2026, 17:16

This vulnerability in AX53 v1 results from insufficient input sanitization in the device’s probe handling logic, where unvalidated parameters can trigger a stack-based buffer overflow that causes the affected service to crash and, under specific conditions, may enable remote code execution through complex heap-spray techniques.  

Successful exploitation may result in repeated service unavailability and, in certain scenarios, allow an attacker to gain control of the device.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	9.8 CRITICAL	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 48%

Affected Products (NVD)

Vendor	Product	Version
tp-link	archer_ax53_firmware	1.0

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-121 - Stack-based Buffer Overflow
A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).

References

https://www.tp-link.com/en/support/download/archer-ax53/v1/#Firmware

https://www.tp-link.com/us/support/faq/5025/