GHSA-mrm5-v7mh-6mmq

Опубликовано: 06 сент. 2025

Источник: github

Github: Не прошло ревью

CVSS4: 8.6

Описание

An authenticated attacker may remotely execute arbitrary code via the CWMP binary on the devices AX10 and AX1500.

The exploit can only be conducted via a Man-In-The-Middle (MITM) attack.

This issue affects AX10 V1/V1.2/V2/V2.6/V3/V3.6: before 1.2.1; AX1500 V1/V1.20/V1.26/V1.60/V1.80/V2.60/V3.6: before 1.3.11.

An authenticated attacker may remotely execute arbitrary code via the CWMP binary on the devices AX10 and AX1500.

The exploit can only be conducted via a Man-In-The-Middle (MITM) attack.

This issue affects AX10 V1/V1.2/V2/V2.6/V3/V3.6: before 1.2.1; AX1500 V1/V1.20/V1.26/V1.60/V1.80/V2.60/V3.6: before 1.3.11.

Ссылки

EPSS

Процентиль: 31%

0.00115

Низкий

8.6 High

CVSS4

CVE ID

CVE-2025-9961

Дефекты

CWE-120

Связанные уязвимости

CVE-2025-9961

nvd

3 месяца назад

An authenticated attacker may remotely execute arbitrary code via the CWMP binary on the devices AX10 and AX1500. The exploit can only be conducted via a Man-In-The-Middle (MITM) attack. This issue affects AX10 V1/V1.2/V2/V2.6/V3/V3.6: before 1.2.1; AX1500 V1/V1.20/V1.26/V1.60/V1.80/V2.60/V3.6: before 1.3.11.

BDU:2025-10825

CVSS3: 7.2

fstec

3 месяца назад

Уязвимость реализации протокола CWMP/TR-069 микропрограммного обеспечения маршрутизаторов TP-Link AX10 и AX1500, позволяющая нарушителю выполнить произвольный код

EPSS

Процентиль: 31%

0.00115

Низкий

8.6 High

CVSS4

CVE ID

CVE-2025-9961

Дефекты

CWE-120