How to fix CVE-2025-62404?

Within 24 hours: Identify all Archer AX53 v1.0-1.3.1 devices in your network and document their locations and criticality. Within 7 days: Implement network segmentation to restrict admin access to these devices and disable remote management features if not required. Within 30 days: Evaluate replacement options or request security updates from TP-Link; contact vendor for patch availability timeline and interim firmware updates.

Is Heap Overflow affected by CVE-2025-62404?

A critical heap-based buffer overflow vulnerability in TP-Link Archer AX53 routers (versions 1.0-1.3.1) allows authenticated network attackers to crash devices or execute arbitrary code.

CVE-2025-62404

HIGH

2026-02-03 f23511db-6c3e-4e32-a477-6aa17d310630

8.0

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Adjacent

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 21:54 vuln.today

CVE Published

Feb 03, 2026 - 19:16 nvd

HIGH 8.0

Description

Heap-based Buffer Overflow vulnerability in TP-Link Archer AX53 v1.0 (tmpserver modules) allows authenticated adjacent attackers to cause a segmentation fault or potentially execute arbitrary code via a specially crafted network packet whose length exceeds the maximum expected value.This issue affects Archer AX53 v1.0: through 1.3.1 Build 20241120.

Analysis

Technical Context

Classified as CWE-122 (Heap-based Buffer Overflow). Affects Archer Ax53 Firmware. Heap-based Buffer Overflow vulnerability in TP-Link Archer AX53 v1.0 (tmpserver modules) allows authenticated adjacent attackers to cause a segmentation fault or potentially execute arbitrary code via a specially crafted network packet whose length exceeds the maximum expected value.This issue affects Archer AX53 v1.0: through 1.3.1 Build 20241120.

Affected Products

Vendor: Tp-Link. Product: Archer Ax53 Firmware. Versions: up to 1.0.

Remediation

Monitor vendor advisories for a patch. Enable ASLR, DEP/NX, and stack canaries where possible.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.0

CVSS: +40

POC: 0

CVE-2025-62404 vulnerability details – vuln.today

Back

CVE-2025-62404

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

CVE-2025-62404

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

External POC / Exploit Code