CVE-2025-15608
This vulnerability in AX53 v1, AX55 v4 and AX55 v4.6 results from insufficient input sanitization in the device’s probe handling logic, wher
CVSS
9.8
Crítico
EPSS
0.6%
p47
KEV
—
Exploit Today
14
0-100
Publicado: 20 mar 2026 · Última mod.: 13 jul 2026 · CWE-121
0.5%EPSS · 30 días0.6%
2026-06-302026-07-17
This vulnerability in AX53 v1, AX55 v4 and AX55 v4.6 results from insufficient input sanitization in the device’s probe handling logic, where unvalidated parameters can trigger a stack-based buffer overflow that causes the affected service to crash and, under specific conditions, may enable remote code execution through complex heap-spray techniques. Successful exploitation may result in repeated service unavailability and, in certain scenarios, allow an attacker to gain control of the device.
- www.tp-link.comhttps://www.tp-link.com/en/support/download/archer-ax53/v1/#Firmware
- www.tp-link.comhttps://www.tp-link.com/en/support/download/archer-ax55/v4/
- www.tp-link.comhttps://www.tp-link.com/us/support/download/archer-ax55/v4.60/#Firmware
- www.tp-link.comhttps://www.tp-link.com/us/support/download/archer-ax55/v4/#Firmware
- www.tp-link.comhttps://www.tp-link.com/us/support/faq/5025/
CVECVSSEPSSKEVRExplotTítuloVis.
CVE-2025-510878.6 ALT94.0%
——28Tenda AC8V4 V16.03.34.06` was discovered to contain stack overflow at /goform/saveParentControlInfo. The manipulation of the argument time leads to stack-based buffer overflow.13dCVE-2025-510885.3 MED92.6%
——28Tenda AC8V4 V16.03.34.06` was discovered to contain stack overflow at /goform/WifiGuestSet. The manipulation of the argument `shareSpeed` leads to stack-based buffer overflow.13dCVE-2025-510855.3 MED92.6%
——28Tenda AC8V4 V16.03.34.06` was discovered to contain stack overflow at /goform/SetSysTimeCfg. The manipulation of the argument `timeZone` and `timeType` leads to stack-based buffer overflow.13dCVE-2021-271378.1 ALT91.8%
——28An issue was discovered in router/upnp/src/ssdp.c in DD-WRT before 45724. An unsafe strcpy in the UPnP handling functionality allows an unauthenticated remote attacker to send a request that would overflow an internal fixed buffer. Exploitation requires the DD-WRT user to enable UPnP (which is off by default, and only listens on internal interfaces by default). This occurs in ssdp_msearch (reachable by an M-SEARCH request).6hCVE-2025-606908.8 ALT89.1%
——27A stack-based buffer overflow exists in the get_merge_ipaddr function of the httpd binary on Linksys E1200 v2 routers (Firmware E1200_v2.0.11.001_us.tar.gz). The function concatenates up to four user-supplied CGI parameters matching <parameter>_0~3 into a fixed-size buffer (a2) without bounds checking. Remote attackers can exploit this vulnerability via specially crafted HTTP requests to execute arbitrary code or cause denial of service without authentication.13dCVE-2026-248818.1 ALT75.3%
——23In GnuPG before 2.5.17, a crafted CMS (S/MIME) EnvelopedData message carrying an oversized wrapped session key can cause a stack-based buffer overflow in gpg-agent during PKDECRYPT--kem=CMS handling. This can easily be leveraged for denial of service; however, there is also memory corruption that could lead to remote code execution.3d