CNNVD-202509-970 Information
CNNVD ID
CNNVD-202509-970
Related CVE
- CNNVD Published: 2025-09-06
Description (Chinese)
TP-LINK AX10和TP-LINK AX1500都是中国普联(TP-LINK)公司的产品。TP-LINK AX10是一款路由器。TP-LINK AX1500是一个调制解调器。 TP-LINK AX10 1.2.1之前版本和TP-LINK AX1500 1.3.11之前版本存在安全漏洞,该漏洞源于CWMP二进制可能被用于远程执行任意代码。
Description (English)
TP-LINK AX10 and TP-LINK AX1500 are the products of PUTK. TP-LINK AX10 is a router. TP-LINK AX1500 is a modem. Pre-TP-LINK AX10 1.2.1 and pre-TP-LINK AX1500 1.3.11 have a security gap, which stems from the possibility that the CWMP binary may be used for remote implementation of any code.
Hazard Level
Medium
Vulnerability Type
其他
Affected Vendor
普联
Published
2025-09-06
Last Modified
2026-02-24
References
https://www.tp-link.com/us/support/download/archer-ax10/ https://www.tp-link.com/us/support/download/archer-ax1500/ https://blog.byteray.co.uk/zero-day-alert-automated-discovery-of-critical-cwmp-stack-overflow-in-tp-link-routers-0bc495a08679 https://www.tp-link.com/us/support/faq/4647/ https://access.redhat.com/security/cve/cve-2025-9961
Patch
https://www.tp-link.com/us/support/faq/4647/
Share on: