CVE-2025-9961 HIGH

CVE-2025-9961: Authenticated RCE by CWMP binary

Vendor Tp-Link Systems Inc.
Product AX10 V1/V1.2/V2/V2.6/V3/V3.6
Weakness CWE-120
Published September 6, 2025
Last update February 26, 2026

CVSS base score

8.6/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

What the vulnerability does

01Description

An authenticated attacker may remotely execute arbitrary code via the CWMP binary on the devices AX10 and AX1500.  The exploit can only be conducted via a Man-In-The-Middle (MITM) attack.  This issue affects AX10 V1/V1.2/V2/V2.6/V3/V3.6: before 1.2.1; AX1500 V1/V1.20/V1.26/V1.60/V1.80/V2.60/V3.6: before 1.3.11.

Key dates

02Disclosure timeline

September 6, 2025 CVE published
February 26, 2026 Record updated