Skip to main content

Ax53 V1

2 CVEs product

Monthly

CVE-2025-15608 HIGH PATCH This Week

A stack-based buffer overflow vulnerability exists in TP-Link AX53 v1 due to insufficient input sanitization in the device's probe handling logic, allowing unauthenticated remote attackers to cause denial of service through repeated service crashes and potentially achieve remote code execution via heap-spray techniques under specific conditions. The vulnerability affects TP-Link AX53 v1 devices and has a patch available from the vendor, though no confirmed active exploitation or public proof-of-concept has been widely reported at this time.

RCE Buffer Overflow Stack Overflow Ax53 V1
NVD VulDB
CVSS 4.0
7.7
EPSS
0.0%
CVE-2025-15607 HIGH PATCH This Week

A command injection vulnerability exists in TP-Link AX53 v1 devices within the mscd debug functionality that allows authenticated attackers to execute arbitrary commands with full device control. The vulnerability stems from insufficient input validation on log redirection parameters, which can be abused to concatenate unvalidated file content into shell commands. A vendor patch is available, and this represents a critical control-plane compromise vector for affected router devices.

Command Injection Ax53 V1
NVD VulDB
CVSS 4.0
7.3
EPSS
0.5%
EPSS 0% CVSS 7.7
HIGH PATCH This Week

A stack-based buffer overflow vulnerability exists in TP-Link AX53 v1 due to insufficient input sanitization in the device's probe handling logic, allowing unauthenticated remote attackers to cause denial of service through repeated service crashes and potentially achieve remote code execution via heap-spray techniques under specific conditions. The vulnerability affects TP-Link AX53 v1 devices and has a patch available from the vendor, though no confirmed active exploitation or public proof-of-concept has been widely reported at this time.

RCE Buffer Overflow Stack Overflow +1
NVD VulDB
EPSS 1% CVSS 7.3
HIGH PATCH This Week

A command injection vulnerability exists in TP-Link AX53 v1 devices within the mscd debug functionality that allows authenticated attackers to execute arbitrary commands with full device control. The vulnerability stems from insufficient input validation on log redirection parameters, which can be abused to concatenate unvalidated file content into shell commands. A vendor patch is available, and this represents a critical control-plane compromise vector for affected router devices.

Command Injection Ax53 V1
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy