CVE-2025-40634

Published May 20, 2025

Last updated 2 days ago

CVSS critical 9.2
TP-Link Archer AX50

Overview

AI description

Automated description summarized from trusted sources.

CVE-2025-40634 is a stack-based buffer overflow vulnerability in the 'conn-indicator' binary, which runs as root, on the TP-Link Archer AX50 router. It affects firmware versions prior to 1.0.15 build 241203 rel61480. The vulnerability allows an attacker to potentially execute arbitrary code on the device over both local area networks (LAN) and wide area networks (WAN).

Description: Stack-based buffer overflow vulnerability in the 'conn-indicator' binary running as root on the TP-Link Archer AX50 router, in firmware versions prior to 1.0.15 build 241203 rel61480. This vulnerability allows an attacker to execute arbitrary code on the device over LAN and WAN networks.

Source: cve-coordination@incibe.es

NVD status: Awaiting Analysis

Risk scores

CVSS 4.0

Type: Secondary
Base score: 9.2
Impact score: -
Exploitability score: -
Vector string: CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Severity: CRITICAL

Weaknesses

cve-coordination@incibe.es
CWE-121

Social media

Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.

Hype score

1