CVE-2025-15608

This vulnerability in AX53 v1 results from insufficient input sanitization in the device’s probe handling logic, where unvalidated parameters can trigger a stack-based buffer overflow that causes the affected service to crash and, under specific conditions, may enable remote code execution through complex heap-spray techniques. Successful exploitation may result in repeated service unavailability and, in certain scenarios, allow an attacker to gain control of the device.

CVSS v3 9.8 CRITICAL

9.8^/10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.tp-link.com/en/support/download/archer-ax53/v1/#Firmware	Product
https://www.tp-link.com/us/support/faq/5025/	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:tp-link:archer_ax53_firmware:1.0:*:*:*:*:*:*:*

cpe:2.3:h:tp-link:archer_ax53:-:*:*:*:*:*:*:*

History

02 Apr 2026, 20:53

Type	Values Removed	Values Added
Summary		(es) Esta vulnerabilidad en AX53 v1 resulta de la sanitización insuficiente de entradas en la lógica de manejo de sondas del dispositivo, donde parámetros no validados pueden desencadenar un desbordamiento de búfer basado en pila que causa la caída del servicio afectado y, bajo condiciones específicas, puede permitir la ejecución remota de código a través de técnicas complejas de heap-spray. La explotación exitosa puede resultar en indisponibilidad repetida del servicio y, en ciertos escenarios, permitir a un atacante obtener control del dispositivo.
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 9.8
References	~~() https://www.tp-link.com/en/support/download/archer-ax53/v1/#Firmware -~~	() https://www.tp-link.com/en/support/download/archer-ax53/v1/#Firmware - Product
References	~~() https://www.tp-link.com/us/support/faq/5025/ -~~	() https://www.tp-link.com/us/support/faq/5025/ - Vendor Advisory
First Time		Tp-link archer Ax53 Firmware Tp-link Tp-link archer Ax53
CPE		cpe:2.3:o:tp-link:archer_ax53_firmware:1.0:::::::* cpe:2.3:h:tp-link:archer_ax53:-:::::::*

20 Mar 2026, 17:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-03-20 17:16

Updated : 2026-04-02 20:53

NVD link : CVE-2025-15608

Mitre link : CVE-2025-15608

CVE.ORG link : CVE-2025-15608

JSON object : View

Products Affected

tp-link

archer_ax53
archer_ax53_firmware

CWE

CWE-121

Stack-based Buffer Overflow

9.8 /10