Security Advisory on Insufficient Backup File Upload Input Validation on Archer RE605X (CVE-2025-15545)
1171 Vulnerability Description:
CVE-2025-15545
The backup restore function does not properly validate unexpected or unrecognized tags within the backup file. When such a crafted file is restored, the injected tag is interpreted by a shell, allowing execution of arbitrary commands with root privileges.
CVSS v4.0 Score: 7.3 / High
CVSS:4.0/AV:A/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Impact:
Successful exploitation allows the attacker to gain root-level command execution, compromising confidentiality, integrity and availability.
Affected Products/Versions and Fixes:
|
Affected Product Model |
Affected Version |
|
Archer RE605X V3.0 |
<(EU)_V3_20260113 <(US)_V3_20260126 |
Recommendations:
We strongly recommend that users with affected devices take the following actions:
- Download and update to the latest firmware version to fix the vulnerabilities.
EN: Download for RE605X | TP-Link
US: Download for RE605X | TP-Link
Disclaimer:
If you do not take all recommended actions, this vulnerability will remain. TP-Link cannot bear any responsibility for consequences that could have been avoided by following this advisory.
這篇faq是否有用?
您的反饋將幫助我們改善網站