- Description
- Stack-based buffer overflow vulnerability in the 'conn-indicator' binary running as root on the TP-Link Archer AX50 router, in firmware versions prior to 1.0.15 build 241203 rel61480. This vulnerability allows an attacker to execute arbitrary code on the device over LAN and WAN networks.
- Source
- cve-coordination@incibe.es
- NVD status
- Awaiting Analysis
CVSS 4.0
- Type
- Secondary
- Base score
- 9.2
- Impact score
- -
- Exploitability score
- -
- Vector string
- CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- Severity
- CRITICAL
- cve-coordination@incibe.es
- CWE-121
- Hype score
- Not currently trending
TP-Link社のルータArcher AX50に遠隔でrootアクセス可能な脆弱性。CVE-2025-40634はCVSSv4スコア9.2。DNSクエリを送信してインターネット疎通を確認するconn-indicatorファームウェアにおけるバッファオーバーフロー。PoC(
@__kokumoto
21 May 2025
78 Impressions
4 Retweets
17 Likes
4 Bookmarks
0 Replies
1 Quote
GitHub - hacefresko/CVE-2025-40634: Exploit for stack-based buffer overflow found in the conn-indicator binary in the TP-Link Archer AX50 router - https://t.co/5D88BYnOb5
@piedpiper1616
21 May 2025
3160 Impressions
20 Retweets
55 Likes
20 Bookmarks
0 Replies
1 Quote
Finally, the CVE for the buffer overflow I found on the TP-Link Archer AX50 router has been published! It has been assigned CVE-2025-40634 and I've also published the exploit that I made back then for it :) https://t.co/pqeEyAUA8M
@hacefresko
20 May 2025
1754 Impressions
12 Retweets
49 Likes
19 Bookmarks
2 Replies
0 Quotes
CVE-2025-40634 Stack-based buffer overflow vulnerability in the 'conn-indicator' binary running as root on the TP-Link Archer AX50 router, in firmware versions prior to 1.0.15 build… https://t.co/SlMMwrtQny
@CVEnew
20 May 2025
396 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes