Security Advisory

CVE-2025-9961

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-09-06 06:50:59

Last updated 2026-02-26 17:49:11

Assigner TPLink

State PUBLISHED

Description

An authenticated attacker may remotely execute arbitrary code via the CWMP binary on the devices AX10 and AX1500. The exploit can only be conducted via a Man-In-The-Middle (MITM) attack. This issue affects AX10 V1/V1.2/V2/V2.6/V3/V3.6: before 1.2.1; AX1500 V1/V1.20/V1.26/V1.60/V1.80/V2.60/V3.6: before 1.3.11.

← Browse all CVEs View on cve.org ↗