CVE-2025-15568

Command Injection Vulnerability on TP-Link Archer AXE75

CVSS 8.5 HIGHEPSS 1.4%CWE-78

In short

A flaw in the TP-Link Archer AXE75 router allows an attacker on the same network to run malicious commands with administrator privileges if the router is set to access point mode. This could let them steal data, modify settings, or shut down the device.

Technical detail

Command injection vulnerability in the web module of Archer AXE75 (v1.6/v1.0 through 1.3.2 Build 20250107) when sysmode=ap. Authenticated adjacent-network attacker can inject arbitrary OS commands via unsanitized input, achieving RCE with root privileges and compromising confidentiality, integrity, and availability of the device.

Summary generated and translated by AI from the official description.

A command injection vulnerability was identified in the web module of Archer AXE75 v1.6/v1.0 router. An authenticated attacker with adjacent-network access may be able to perform remote code execution (RCE) when the router is configured with sysmode=ap. Successful exploitation results in root-level privileges and impacts confidentiality, integrity and availability of the device. This issue affects Archer AXE75 v1.6/v1.0: through 1.3.2 Build 20250107.

CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L

Affected products

TP-Link Systems Inc. · Archer AXE75 v1.6/v1.0

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://www.tp-link.com/en/support/download/archer-axe75/v1/#Firmware https://www.tp-link.com/us/support/download/archer-axe75/v1.60/#Firmware https://www.tp-link.com/us/support/download/archer-axe75/v1/#Firmware https://www.tp-link.com/us/support/faq/5005/