Stack-based Buffer Overflow in TP-Link Archer AX50 Router
CVE-2025-40634

9.2CRITICAL

Key Information:

Vendor

Tp-link
Status
Link Archer Ax50
Vendor
CVE Published:
20 May 2025

Badges

📈 Score: 305👾 Exploit Exists🟡 Public PoC📰 News Worthy

What is CVE-2025-40634?

CVE-2025-40634 is a critical vulnerability affecting the TP-Link Archer AX50 router, specifically related to a stack-based buffer overflow within the 'conn-indicator' binary that operates with root privileges. This vulnerability allows malicious actors to execute arbitrary code on the device, which can be exploited over both Local Area Network (LAN) and Wide Area Network (WAN) connections. The issue is particularly concerning because many homes and organizations rely on TP-Link routers for secure internet access, and a successful attack could lead to a complete compromise of the device itself, undermining the integrity and confidentiality of the network it protects. The vulnerability affects various firmware versions prior to 1.0.15 build 241203 rel61480, emphasizing the need for timely updates to mitigate risks.

Potential impact of CVE-2025-40634

  1. Unauthorized Remote Code Execution: Exploitation of this vulnerability could allow attackers to execute arbitrary code on the router, enabling them to take control of the device and manipulate network traffic, potentially leading to further intrusions into the local network.

  2. Network Compromise: Given that the vulnerability can be exploited from both LAN and WAN, successful attacks could facilitate unauthorized access to sensitive data and devices connected to the network, increasing the risk of data breaches and informational theft.

  3. Increased Exposure to Cyber Threats: The vulnerability's existence and the potential for exploitation create a higher risk environment for users, as attackers may deploy malware, adjust router settings, or engage in acts of espionage, which can compromise not only individual users but also organizations relying on these routers for operational continuity.

Affected Version(s)

Link Archer AX50 0 < 1.0.15 build 241203 rel61480

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2025-40634
Created by hacefresko

News Articles

favicon imageCVEShield

CVE Trends Dashboard

We're in the process of developing the mobile version of our website to improve your browsing experience on smaller screens. Keep an eye out for its release in the near future.Thank you for your patience!

2 days ago

favicon imageVulDB

CVE-2025-40634 TP-Link Archer AX50 conn-indicator stack-based overflow (EUVD-2025-15816)

A vulnerability was found in TP-Link Archer AX50 1.0.11 Build 2022052. It has been declared as critical. This vulnerability is known as CVE-2025-40634. It is recommended to upgrade the affected component.

1 week ago

References

https://www.incibe.es/en/incibe-cert/notices/aviso/stack-...

CVSS V4

Score:
9.2
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • 🟡

    Public PoC available

  • 👾

    Exploit known to exist

  • 📰

    First article discovered by VulDB

  • Vulnerability published

  • Vulnerability Reserved

Credit

Víctor Fresco Perales (@hacefresko)
.
CVE-2025-40634 : Stack-based Buffer Overflow in TP-Link Archer AX50 Router