CVE-2025-15568 HIGH

CVE-2025-15568: Command Injection Vulnerability on TP-Link Archer AXE75

Vendor Tp-Link Systems Inc.

Product Archer AXE75 v1.6/v1.0

Weakness CWE-78

Published March 9, 2026

Last update March 13, 2026

View on NVD All CVEs

CVSS base score

8.5/10

Attack vector Adjacent

Attack complexity Low

Privileges required High

User interaction None

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L

What the vulnerability does

01Description

A command injection vulnerability was identified in the web module of Archer AXE75 v1.6/v1.0 router. An authenticated attacker with adjacent-network access may be able to perform remote code execution (RCE) when the router is configured with sysmode=ap. Successful exploitation results in root-level privileges and impacts confidentiality, integrity and availability of the device. This issue affects Archer AXE75 v1.6/v1.0: through 1.3.2 Build 20250107.

Key dates

02Disclosure timeline

March 9, 2026 CVE published

March 13, 2026 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-15568

Related vulnerabilities

Identifiers

CVE CVE-2025-15568

CWE CWE-78

CVSS 8.5 / HIGH

Affected versions