CVE-2025-9961

Published Sep 6, 2025

Last updated 2 months ago

CVSS high 8.6
TP-Link CWMP

Overview

AI description

Automated description summarized from trusted sources.

CVE-2025-9961 is a remote code execution (RCE) vulnerability in TP-Link routers, specifically in the CWMP (CPE WAN Management Protocol) binary. It is a stack-based buffer overflow within the cwmp process that can be triggered by sending malformed SOAP requests, and an authenticated attacker can exploit it to remotely execute arbitrary code on the affected devices. Security researchers bypassed Address Space Layout Randomization (ASLR) by brute-forcing the base address of the standard C library. Successful exploitation allows an attacker to gain full control of the router, potentially intercepting traffic, launching attacks on the local network, or adding the device to a botnet. The exploit often involves using a return-to-libc (ret2libc) technique to call the system() function with a command to download and execute a malicious binary from an attacker-controlled server.

Description
An authenticated attacker may remotely execute arbitrary code via the CWMP binary on the devices AX10 and AX1500. The exploit can only be conducted via a Man-In-The-Middle (MITM) attack. This issue affects AX10 V1/V1.2/V2/V2.6/V3/V3.6: before 1.2.1; AX1500 V1/V1.20/V1.26/V1.60/V1.80/V2.60/V3.6: before 1.3.11.

Source: f23511db-6c3e-4e32-a477-6aa17d310630
NVD status: Deferred

Risk scores

CVSS 4.0

Type: Secondary
Base score: 8.6
Impact score: -
Exploitability score: -
Vector string: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Severity: HIGH

Weaknesses

f23511db-6c3e-4e32-a477-6aa17d310630
CWE-120

Social media

Hype score
Not currently trending
  1. Authenticated RCE on TP-Link AX10/AX1500 via CWMP exploitation (CVE-2025-9961) https://t.co/9UgZe6WLeV #infosec https://t.co/XYvBK43DvU

    @0xor0ne

    20 Mar 2026

    3682 Impressions

    18 Retweets

    73 Likes

    35 Bookmarks

    0 Replies

    0 Quotes

  2. Top 5 Trending CVEs: 1 - CVE-2026-20841 2 - CVE-2025-55177 3 - CVE-2026-1731 4 - CVE-2025-9961 5 - CVE-2026-22182 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W

    @CVEShield

    16 Feb 2026

    111 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. Top 5 Trending CVEs: 1 - CVE-2025-12725 2 - CVE-2026-25253 3 - CVE-2026-1731 4 - CVE-2026-21508 5 - CVE-2025-9961 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W

    @CVEShield

    15 Feb 2026

    109 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. Authenticated RCE on TP-Link AX10 & AX1500 through CWMP exploitation (CVE-2025-9961) https://t.co/9UgZe6WLeV #infosec https://t.co/Vc5sLd64Lq

    @0xor0ne

    14 Feb 2026

    13873 Impressions

    37 Retweets

    182 Likes

    119 Bookmarks

    2 Replies

    3 Quotes

  5. 📚 Zero-Day in TP-Link AX10 Router (CVE-2025-9961) Exploiting a zero-day vulnerability in the TP-Link AX10 router. Read: https://t.co/eiZSCIk0tn https://t.co/p41zTJ7Q2K

    @IntCyberDigest

    9 Nov 2025

    25496 Impressions

    55 Retweets

    327 Likes

    132 Bookmarks

    5 Replies

    2 Quotes

  6. #VulnerabilityReport #ByteRay CVE-2025-9961: TP-Link Router Flaw Could Be Exploited for RCE, PoC Released https://t.co/sn4EvOZtTa

    @Komodosec

    27 Oct 2025

    8 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  7. A firmware update dated 9/5 is out for the TP-Link Archer AX10(JP), but it is unclear whether it addresses CVE-2025-9961. Turning off WAN-side management is recommended. https://t.co/0frIiSNM2P

    @lightmare8

    20 Oct 2025

    31 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  8. #exploit 1⃣. CVE-2025-32463: LPE to Root via Sudo chroot in Linux - https://t.co/tPtqOQHYJ8 2⃣. CVE-2025-61984: Exploiting SSH via ProxyCommand - https://t.co/2HOWbhgb98 3⃣. CVE-2025-9961: TP-Link CWMP Service RCE - https://t.co/a4Iktctz7h 4⃣. Exploit development for

    @ksg93rd

    15 Oct 2025

    1216 Impressions

    6 Retweets

    15 Likes

    7 Bookmarks

    0 Replies

    0 Quotes

  9. [1day1line] CVE-2025-9961: Arbitrary Code Execution Vulnerability Due to Stack Buffer Overflow in CWMP Binary of TP-Link AX10, AX1500 https://t.co/ek52xdylRi Today's one-line update is about a stack buffer overflow vulnerability discovered in TP-Link routers. This vulnerability

    @hackyboiz

    24 Sept 2025

    648 Impressions

    3 Retweets

    14 Likes

    8 Bookmarks

    0 Replies

    0 Quotes

  10. [1day1line] CVE-2025-9961: Arbitrary Code Execution Vulnerability Due to Stack Buffer Overflow in CWMP Binary of TP-Link AX10, AX1500 https://t.co/ek52xdylRi Today's one-line update is about a stack buffer overflow vulnerability discovered in TP-Link routers. This vulnerability

    @hackyboiz

    24 Sept 2025

    180 Impressions

    0 Retweets

    6 Likes

    2 Bookmarks

    0 Replies

    0 Quotes

  11. ⚠️⚠️ CVE-2025-9961: TP-Link Router Flaw Could Be Exploited for RCE 🔥PoC: https://t.co/eFH0OhAn8L 🎯42.8k+ Results are found on the https://t.co/pb16tGYaKe nearly year. 🔗FOFA Link: https://t.co/pIBCuUOfJ4 FOFA Query:app="TP_LINK-AX1500" 🔖Refer: https://t.co/Ycve

    @fofabot

    23 Sept 2025

    624 Impressions

    0 Retweets

    14 Likes

    5 Bookmarks

    0 Replies

    0 Quotes

  12. 🚨Alert🚨: CVE-2025-9961(Zero-Day): An authenticated attacker may remotely execute arbitrary code via the CWMP binary on the devices AX10 and AX1500 series. 🧐Deep Dive :1.https://t.co/SwejtIN00x 2.https://t.co/PEYlfgyYrD 📊37.6K+ Services are found on the https://t.co/ys

    @HunterMapping

    23 Sept 2025

    3764 Impressions

    22 Retweets

    62 Likes

    22 Bookmarks

    0 Replies

    0 Quotes

  13. Security researchers have detailed a critical remote code execution vulnerability (CVE-2025-9961) in the management protocol of certain TP-Link routers. The flaw stems from a stack-based buffer overflow that can be trigg... #vulnerability https://t.co/CrcqKL5JZ3

    @CyberDigests

    22 Sept 2025

    3 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  14. 🚨🚨CVE-2025-9961 (CVSS: 8.6) : TP-Link routers are at risk! A critical flaw in the CWMP service allows authenticated RCE—hackers could take full control! 🔥PoC: https://t.co/DIMzoFfNy6 Search by vul.cve Filter👉vul.cve="CVE-2025-9961" ZoomEye Dork👉app="TP-Link AX1

    @zoomeye_team

    22 Sept 2025

    1804 Impressions

    5 Retweets

    28 Likes

    9 Bookmarks

    0 Replies

    1 Quote

  15. 🗣️ CVE-2025-9961: TP-Link Router Flaw Could Be Exploited for RCE, PoC Released https://t.co/HaANiRYMC5

    @fridaysecurity

    22 Sept 2025

    26 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  16. A critical vulnerability (CVE-2025-9961) in TP-Link routers' CWMP service allows remote code execution, bypassing ASLR. Patch your device immediately. https://t.co/5R17lFnUDj https://t.co/K2zUtPzhHt

    @the_yellow_fall

    19 Sept 2025

    253 Impressions

    1 Retweet

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  17. csirt_it: ‼️ #TP-Link: a #PoC is available for exploiting CVE-2025-9961 Risk: 🔴 Type: 🔸 Remote Code Execution 🔗 https://t.co/Nbw8K08Apj 🔄 Updates available 🔄 https://t.co/VoWI5QROX1

    @Vulcanux_

    18 Sept 2025

    32 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  18. Exploiting authenticated Stack-OverFlow (CVE-2025-9961) in TP-Link routers. Write-Up + PoC: https://t.co/18f2SZQfAO #zeroday #tplink #exploit

    @pwn2dav

    17 Sept 2025

    62 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  19. 🚨 HIGH severity alert: TP-Link AX10 & AX1500 routers are vulnerable to a buffer overflow (CVE-2025-9961) allowing remote code execution via MITM. Patch ASAP & secure management! 🔒 https://t.co/OX9lZYzOwt #OffS... https://t.co/7wMucoPxoZ

    @offseq

    7 Sept 2025

    51 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  20. CVE-2025-9961 An authenticated attacker may remotely execute arbitrary code via the CWMP binary on the devices AX10 and AX1500.  The exploit can only be conducted via a Man-In-The-M… https://t.co/pM5c9yw44m

    @CVEnew

    6 Sept 2025

    339 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes