Command Injection Vulnerability in Archer AXE75 Router by TP-Link
CVE-2025-15568

8.5HIGH

Key Information:

Vendor

Tp-link Systems Inc.

Status
Archer Axe75 V1.6/v1.0
Vendor
CVE Published:
9 March 2026

What is CVE-2025-15568?

A command injection flaw exists in the web module of the Archer AXE75 router versions 1.6 and 1.0. This vulnerability could enable an authenticated attacker with adjacent network access to execute arbitrary commands remotely when the router operates in AP mode. If exploited, it grants root-level access, undermining the device's confidentiality, integrity, and availability. Users are advised to consult the vendor's advisory for recommended patches and further protective measures.

Affected Version(s)

Archer AXE75 v1.6/v1.0 0 <= 1.3.2 Build 20250107

References

https://www.tp-link.com/us/support/download/archer-axe75/...
patch
https://www.tp-link.com/us/support/download/archer-axe75/...
patch
https://www.tp-link.com/en/support/download/archer-axe75/...
patch

CVSS V4

Score:
8.5
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Adjacent Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.