Zero Day MonitorZDM

← Back to list

8.0

CVE-2025-62673

tp-link · archer_ax53_firmware

Heap-based Buffer Overflow vulnerability in TP-Link Archer AX53 v1.0 (tdpserver modules) allows adjacent attackers to cause a segmentation fault or potentially execute arbitrary code via a specially c

Description

Heap-based Buffer Overflow vulnerability in TP-Link Archer AX53 v1.0 (tdpserver modules) allows adjacent attackers to cause a segmentation fault or potentially execute arbitrary code via a specially crafted network packet containing a maliciously formed field.This issue affects Archer AX53 v1.0: through 1.3.1 Build 20241120.

Affected Products

Vendor	Product	Versions
tp-link	archer_ax53_firmware	—

References

https://talosintelligence.com/vulnerability_reports/(Third Party Advisory)
https://www.tp-link.com/en/support/download/archer-ax53/v1/#Firmware(Product)
https://www.tp-link.com/my/support/download/archer-ax53/v1/#Firmware(Product)
https://www.tp-link.com/us/support/faq/4943/(Vendor Advisory)
https://www.talosintelligence.com/vulnerability_reports/TALOS-2025-2290

Related News (1 articles)

Tier C

Cisco Talos14d ago

TP-Link, Canva, HikVision vulnerabilities

→ No new info (linked only)

CVSS 3.18.0 HIGH

VectorCVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA KEV❌ No

Actively exploited❌ No

CWECWE-122

PublishedFeb 3, 2026

Last enriched8d ago

Trending Score4

Source articles1

Independent1

Info Completeness7/14

Missing: versions, epss, kev, exploit, patch, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

No votes yet

Related CVEs (5)

HIGHCVE-2025-15605

A hardcoded cryptographic key within the configuration mechanism on TP-Link Archer NX200, NX210, NX500 and NX600 enables decryption and re-encryption of device configuration data. An authenticated att

HIGHCVE-2025-62501

SSH Hostkey misconfiguration vulnerability in TP-Link Archer AX53 v1.0 (tmpserver modules) allows attackers to obtain device credentials through a specially crafted man‑in‑the‑middle (MITM) attack. Th

HIGHCVE-2025-15519

Improper input handling in a modem-management administrative CLI command on TP-Link Archer NX200, NX210, NX500 and NX600 allows crafted input to be executed as part of an operating system command. An

HIGHCVE-2025-15518

Improper input handling in a wireless-control administrative CLI command on TP-Link Archer NX200, NX210, NX500 and NX600 allows crafted input to be executed as part of an operating system command. An

HIGHCVE-2025-15517

A missing authentication check in the HTTP server on TP-Link Archer NX200, NX210, NX500 and NX600 to certain cgi endpoints allows unauthenticated access intended for authenticated users. An attacker m

Pin to Dashboard

Verification

State: verified

Confidence: 100%

Vulnerability Timeline

CVE Published

Feb 3, 2026

Discovered by ZDM

Apr 1, 2026