CVE-2025-9961

Published Sep 6, 2025

Last updated 6 months ago

CVSS high 8.6
TP-Link CWMP

Overview

Description
An authenticated attacker may remotely execute arbitrary code via the CWMP binary on the devices AX10 and AX1500.  The exploit can only be conducted via a Man-In-The-Middle (MITM) attack.  This issue affects AX10 V1/V1.2/V2/V2.6/V3/V3.6: before 1.2.1; AX1500 V1/V1.20/V1.26/V1.60/V1.80/V2.60/V3.6: before 1.3.11.
Source
f23511db-6c3e-4e32-a477-6aa17d310630
NVD status
Awaiting Analysis

Risk scores

CVSS 4.0

Type
Secondary
Base score
8.6
Impact score
-
Exploitability score
-
Vector string
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Severity
HIGH

Weaknesses

f23511db-6c3e-4e32-a477-6aa17d310630
CWE-120

Social media

Hype score
Not currently trending
  1. Top 5 Trending CVEs: 1 - CVE-2026-20841 2 - CVE-2025-55177 3 - CVE-2026-1731 4 - CVE-2025-9961 5 - CVE-2026-22182 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W

    @CVEShield

    16 Feb 2026

    111 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. Top 5 Trending CVEs: 1 - CVE-2025-12725 2 - CVE-2026-25253 3 - CVE-2026-1731 4 - CVE-2026-21508 5 - CVE-2025-9961 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W

    @CVEShield

    15 Feb 2026

    109 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. Authenticated RCE on TP-Link AX10 & AX1500 through CWMP exploitation (CVE-2025-9961) https://t.co/9UgZe6WLeV #infosec https://t.co/Vc5sLd64Lq

    @0xor0ne

    14 Feb 2026

    13873 Impressions

    37 Retweets

    182 Likes

    119 Bookmarks

    2 Replies

    3 Quotes

  4. 📚 Zero-Day in TP-Link AX10 Router (CVE-2025-9961) Exploiting a zero-day vulnerability in the TP-Link AX10 router. Read: https://t.co/eiZSCIk0tn https://t.co/p41zTJ7Q2K

    @IntCyberDigest

    9 Nov 2025

    25496 Impressions

    55 Retweets

    327 Likes

    132 Bookmarks

    5 Replies

    2 Quotes

  5. #VulnerabilityReport #ByteRay CVE-2025-9961: TP-Link Router Flaw Could Be Exploited for RCE, PoC Released https://t.co/sn4EvOZtTa

    @Komodosec

    27 Oct 2025

    8 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  6. A firmware update dated 9/5 is out for the TP-Link Archer AX10 (JP), but it is unclear whether it addresses CVE-2025-9961. Turning off WAN-side management is recommended. https://t.co/0frIiSNM2P

    @lightmare8

    20 Oct 2025

    31 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  7. #exploit 1⃣. CVE-2025-32463: LPE to Root via Sudo chroot in Linux - https://t.co/tPtqOQHYJ8 2⃣. CVE-2025-61984: Exploiting SSH via ProxyCommand - https://t.co/2HOWbhgb98 3⃣. CVE-2025-9961: TP-Link CWMP Service RCE - https://t.co/a4Iktctz7h 4⃣. Exploit development for

    @ksg93rd

    15 Oct 2025

    1216 Impressions

    6 Retweets

    15 Likes

    7 Bookmarks

    0 Replies

    0 Quotes

  8. [1day1line] CVE-2025-9961: Arbitrary Code Execution Vulnerability Due to Stack Buffer Overflow in CWMP Binary of TP-Link AX10, AX1500 https://t.co/ek52xdylRi Today's one-line update is about a stack buffer overflow vulnerability discovered in TP-Link routers. This vulnerability

    @hackyboiz

    24 Sept 2025

    648 Impressions

    3 Retweets

    14 Likes

    8 Bookmarks

    0 Replies

    0 Quotes

  9. [1day1line] CVE-2025-9961: Arbitrary Code Execution Vulnerability Due to Stack Buffer Overflow in CWMP Binary of TP-Link AX10, AX1500 https://t.co/ek52xdylRi Today's one-line update is about a stack buffer overflow vulnerability discovered in TP-Link routers. This vulnerability

    @hackyboiz

    24 Sept 2025

    180 Impressions

    0 Retweets

    6 Likes

    2 Bookmarks

    0 Replies

    0 Quotes

  10. ⚠️⚠️ CVE-2025-9961: TP-Link Router Flaw Could Be Exploited for RCE 🔥PoC: https://t.co/eFH0OhAn8L 🎯42.8k+ Results are found on the https://t.co/pb16tGYaKe nearly year. 🔗FOFA Link: https://t.co/pIBCuUOfJ4 FOFA Query:app="TP_LINK-AX1500" 🔖Refer: https://t.co/Ycve

    @fofabot

    23 Sept 2025

    624 Impressions

    0 Retweets

    14 Likes

    5 Bookmarks

    0 Replies

    0 Quotes

  11. 🚨Alert🚨: CVE-2025-9961(Zero-Day): An authenticated attacker may remotely execute arbitrary code via the CWMP binary on the devices AX10 and AX1500 series. 🧐Deep Dive :1.https://t.co/SwejtIN00x 2.https://t.co/PEYlfgyYrD 📊37.6K+ Services are found on the https://t.co/ys

    @HunterMapping

    23 Sept 2025

    3764 Impressions

    22 Retweets

    62 Likes

    22 Bookmarks

    0 Replies

    0 Quotes

  12. Security researchers have detailed a critical remote code execution vulnerability (CVE-2025-9961) in the management protocol of certain TP-Link routers. The flaw stems from a stack-based buffer overflow that can be trigg... #vulnerability https://t.co/CrcqKL5JZ3

    @CyberDigests

    22 Sept 2025

    3 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  13. 🚨🚨CVE-2025-9961 (CVSS: 8.6) : TP-Link routers are at risk! A critical flaw in the CWMP service allows authenticated RCE—hackers could take full control! 🔥PoC: https://t.co/DIMzoFfNy6 Search by vul.cve Filter👉vul.cve="CVE-2025-9961" ZoomEye Dork👉app="TP-Link AX1

    @zoomeye_team

    22 Sept 2025

    1804 Impressions

    5 Retweets

    28 Likes

    9 Bookmarks

    0 Replies

    1 Quote

  14. 🗣️ CVE-2025-9961: TP-Link Router Flaw Could Be Exploited for RCE, PoC Released https://t.co/HaANiRYMC5

    @fridaysecurity

    22 Sept 2025

    26 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  15. A critical vulnerability (CVE-2025-9961) in TP-Link routers' CWMP service allows remote code execution, bypassing ASLR. Patch your device immediately. https://t.co/5R17lFnUDj https://t.co/K2zUtPzhHt

    @the_yellow_fall

    19 Sept 2025

    253 Impressions

    1 Retweet

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  16. csirt_it: ‼️ #TP-Link: a #PoC is available for exploiting CVE-2025-9961 Risk: 🔴 Type: 🔸 Remote Code Execution 🔗 https://t.co/Nbw8K08Apj 🔄 Updates available 🔄 https://t.co/VoWI5QROX1

    @Vulcanux_

    18 Sept 2025

    32 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  17. Exploiting authenticated Stack-OverFlow (CVE-2025-9961) in TP-Link routers. Write-Up + PoC: https://t.co/18f2SZQfAO #zeroday #tplink #exploit

    @pwn2dav

    17 Sept 2025

    62 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  18. 🚨 HIGH severity alert: TP-Link AX10 & AX1500 routers are vulnerable to a buffer overflow (CVE-2025-9961) allowing remote code execution via MITM. Patch ASAP & secure management! 🔒 https://t.co/OX9lZYzOwt #OffS... https://t.co/7wMucoPxoZ

    @offseq

    7 Sept 2025

    51 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  19. CVE-2025-9961 An authenticated attacker may remotely execute arbitrary code via the CWMP binary on the devices AX10 and AX1500.  The exploit can only be conducted via a Man-In-The-M… https://t.co/pM5c9yw44m

    @CVEnew

    6 Sept 2025

    339 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes