AX53 CVE-2025-15608

EUVD-2025-208907 HIGH
Stack-based Buffer Overflow (CWE-121)
2026-03-20 TPLink
CVSS 4.0: 7.7

CVSS Vector (NVD)

CVSS:4.0/AV:A/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector: Adjacent
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: X

Lifecycle Timeline

EUVD ID Assigned: Mar 20, 2026 - 16:45 (euvd), EUVD-2025-208907
Analysis Generated: Mar 20, 2026 - 16:45 (vuln.today)
Patch released: Mar 20, 2026 - 16:45 (nvd), Patch available
CVE Published: Mar 20, 2026 - 16:31 (nvd), HIGH 7.7

Description (NVD)

This vulnerability in AX53 v1 results from insufficient input sanitization in the device’s probe handling logic, where unvalidated parameters can trigger a stack-based buffer overflow that causes the affected service to crash and, under specific conditions, may enable remote code execution through complex heap-spray techniques.

Successful exploitation may result in repeated service unavailability and, in certain scenarios, allow an attacker to gain control of the device.

Analysis (AI)

A stack-based buffer overflow exists in TP-Link AX53 v1 due to insufficient input sanitization in the device's probe handling logic. Per the CVSS vector (AV:A, PR:N), an unauthenticated attacker on an adjacent network can cause denial of service through repeated service crashes and, under specific conditions, potentially achieve remote code execution via heap-spray techniques. A vendor patch is available; no confirmed active exploitation or public proof-of-concept has been widely reported at this time.

Technical Context (AI)

The vulnerability resides in the probe handling subsystem of the TP-Link AX53 v1 wireless router (cpe:2.3:a:tp-link_systems_inc.:ax53_v1:*:*:*:*:*:*:*:*), which fails to properly validate and sanitize incoming parameters before processing them. This root cause is classified under CWE-121 (Stack-based Buffer Overflow), a memory safety issue where unvalidated input exceeds allocated stack buffer boundaries. The affected component is part of the device's embedded Linux firmware, likely within the wireless management or HTTP daemon service. Attackers can supply oversized or maliciously crafted probe requests that overwrite stack memory, leading to immediate service termination or, with careful heap spraying and memory layout exploitation, arbitrary code execution with the privileges of the vulnerable process.

Remediation (AI)

Immediately download and apply the latest firmware patch for the TP-Link AX53 v1 from the official TP-Link support page at https://www.tp-link.com/en/support/download/archer-ax53/v1/#Firmware, ensuring the device is reset to factory defaults after flashing if recommended by the vendor. Until patching is possible, isolate affected devices on a dedicated, restricted network segment and disable remote management interfaces (WAN access to the device's web UI). Monitor probe traffic and implement network-level rate limiting on probe requests if the attack vector is known to originate from a specific source. Verify patch installation by confirming the firmware version matches the patched release identified in the advisory at https://www.tp-link.com/us/support/faq/5025/.

CVE-2025-15608 vulnerability details – vuln.today
