Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Stack-based buffer overflow in TP-Link Archer AX50

Posted date 20/05/2025
Identificador
INCIBE-2025-0250
Importance
5 - Critical
Affected Resources
  • Link Archer AX50, firmware versions prior to 1.0.15 build 241203 rel61480.
Description

INCIBE has coordinated the publication of a vulnerability of critical severity affecting the TP-Link Archer AX50 router. The vulnerability was discovered by Víctor Fresco Perales (@hacefresko).

This vulnerability has been assigned the following code, CVSS v4.0 base score, CVSS vector and vulnerability type CWE.

  • CVE-2025-40634: CVSS v4.0: 9.2 | CVSS AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N | CWE-121
Solution

The vulnerability has been fixed by the TP-Link team in firmware version 1.0.15 build 241203 rel61480.

Detail

CVE-2025-40634: stack-based buffer overflow vulnerability in the 'conn-indicator' binary running as root on the TP-Link Archer AX50 router, in firmware versions prior to 1.0.15 build 241203 rel61480. This vulnerability allows an attacker to execute arbitrary code on the device over LAN and WAN networks.

References list
TP-Link - Archer AX50 Wi-Fi 6 Dual Band Gigabit Router AX3000
Download for Archer AX50 V1
Etiquetas