AI description
CVE-2025-9961 is a remote code execution (RCE) vulnerability found in TP-Link routers, specifically affecting the CWMP (CPE WAN Management Protocol) binary. An authenticated attacker can exploit this flaw to remotely execute arbitrary code on the affected devices. The vulnerability can be triggered by sending malformed SOAP requests. The vulnerability is a stack-based buffer overflow within the cwmp process. Security researchers bypassed Address Space Layout Randomization (ASLR) by brute-forcing the base address of the standard C library. Successful exploitation allows an attacker to gain full control of the router, potentially intercepting traffic, launching attacks on the local network, or adding the device to a botnet. The exploit often involves using a return-to-libc (ret2libc) technique to call the system() function with a command to download and execute a malicious binary from an attacker-controlled server.
- Description
- An authenticated attacker may remotely execute arbitrary code via the CWMP binary on the devices AX10 and AX1500. The exploit can only be conducted via a Man-In-The-Middle (MITM) attack. This issue affects AX10 V1/V1.2/V2/V2.6/V3/V3.6: before 1.2.1; AX1500 V1/V1.20/V1.26/V1.60/V1.80/V2.60/V3.6: before 1.3.11.
- Source
- f23511db-6c3e-4e32-a477-6aa17d310630
- NVD status
- Awaiting Analysis
CVSS 4.0
- Type
- Secondary
- Base score
- 8.6
- Impact score
- -
- Exploitability score
- -
- Vector string
- CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- Severity
- HIGH
- f23511db-6c3e-4e32-a477-6aa17d310630
- CWE-120
- Hype score
- Not currently trending
[1day1line] CVE-2025-9961: Arbitrary Code Execution Vulnerability Due to Stack Buffer Overflow in CWMP Binary of TP-Link AX10, AX1500 https://t.co/ek52xdylRi Today's one-line update is about a stack buffer overflow vulnerability discovered in TP-Link routers. This vulnerability
@hackyboiz
24 Sept 2025
648 Impressions
3 Retweets
14 Likes
8 Bookmarks
0 Replies
0 Quotes
[1day1line] CVE-2025-9961: Arbitrary Code Execution Vulnerability Due to Stack Buffer Overflow in CWMP Binary of TP-Link AX10, AX1500 https://t.co/ek52xdylRi Today's one-line update is about a stack buffer overflow vulnerability discovered in TP-Link routers. This vulnerability
@hackyboiz
24 Sept 2025
180 Impressions
0 Retweets
6 Likes
2 Bookmarks
0 Replies
0 Quotes
⚠️⚠️ CVE-2025-9961: TP-Link Router Flaw Could Be Exploited for RCE 🔥PoC: https://t.co/eFH0OhAn8L 🎯42.8k+ Results are found on the https://t.co/pb16tGYaKe nearly year. 🔗FOFA Link: https://t.co/pIBCuUOfJ4 FOFA Query:app="TP_LINK-AX1500" 🔖Refer: https://t.co/Ycve
@fofabot
23 Sept 2025
624 Impressions
0 Retweets
14 Likes
5 Bookmarks
0 Replies
0 Quotes
🚨Alert🚨: CVE-2025-9961(Zero-Day): An authenticated attacker may remotely execute arbitrary code via the CWMP binary on the devices AX10 and AX1500 series. 🧐Deep Dive :1.https://t.co/SwejtIN00x 2.https://t.co/PEYlfgyYrD 📊37.6K+ Services are found on the https://t.co/ys
@HunterMapping
23 Sept 2025
3764 Impressions
22 Retweets
62 Likes
22 Bookmarks
0 Replies
0 Quotes
Security researchers have detailed a critical remote code execution vulnerability (CVE-2025-9961) in the management protocol of certain TP-Link routers. The flaw stems from a stack-based buffer overflow that can be trigg... #vulnerability https://t.co/CrcqKL5JZ3
@CyberDigests
22 Sept 2025
3 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨🚨CVE-2025-9961 (CVSS: 8.6) : TP-Link routers are at risk! A critical flaw in the CWMP service allows authenticated RCE—hackers could take full control! 🔥PoC: https://t.co/DIMzoFfNy6 Search by vul.cve Filter👉vul.cve="CVE-2025-9961" ZoomEye Dork👉app="TP-Link AX1
@zoomeye_team
22 Sept 2025
1804 Impressions
5 Retweets
28 Likes
9 Bookmarks
0 Replies
1 Quote
🗣️ CVE-2025-9961: TP-Link Router Flaw Could Be Exploited for RCE, PoC Released https://t.co/HaANiRYMC5
@fridaysecurity
22 Sept 2025
26 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
A critical vulnerability (CVE-2025-9961) in TP-Link routers' CWMP service allows remote code execution, bypassing ASLR. Patch your device immediately. https://t.co/5R17lFnUDj https://t.co/K2zUtPzhHt
@the_yellow_fall
19 Sept 2025
253 Impressions
1 Retweet
0 Likes
0 Bookmarks
0 Replies
0 Quotes
csirt_it: ‼️ #TP-Link: disponibile un #PoC per lo sfruttamento della CVE-2025-9961 Rischio: 🔴 Tipologia: 🔸 Remote Code Execution 🔗 https://t.co/Nbw8K08Apj 🔄 Aggiornamenti disponibili 🔄 https://t.co/VoWI5QROX1
@Vulcanux_
18 Sept 2025
32 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Exploiting authenticated Stack-OverFlow (CVE-2025-9961) in TP-Link routers. Write-Up + PoC: https://t.co/18f2SZQfAO #zeroday #tplink #exploit
@pwn2dav
17 Sept 2025
62 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 HIGH severity alert: TP-Link AX10 & AX1500 routers are vulnerable to a buffer overflow (CVE-2025-9961) allowing remote code execution via MITM. Patch ASAP & secure management! 🔒 https://t.co/OX9lZYzOwt #OffS... https://t.co/7wMucoPxoZ
@offseq
7 Sept 2025
51 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-9961 An authenticated attacker may remotely execute arbitrary code via the CWMP binary on the devices AX10 and AX1500. The exploit can only be conducted via a Man-In-The-M… https://t.co/pM5c9yw44m
@CVEnew
6 Sept 2025
339 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes