CVE-2025-15545

6.8 MEDIUM

📋 TL;DR

CVE-2025-15545 is a command injection vulnerability in the backup restore function of the TP-Link RE605X v3 that allows attackers to execute arbitrary commands with root privileges by crafting malicious backup files. It affects TP-Link RE605X v3 devices running vulnerable firmware versions. Successful exploitation compromises the entire device.

💻 Affected Systems

Products:
  • TP-Link RE605X v3
Versions: Firmware versions prior to 1.2.0 Build 20240621
Operating Systems: Embedded Linux
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability requires access to backup restore function in web interface. Default configuration includes this functionality.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete device takeover with root access, allowing data theft, persistence installation, network pivoting, and device bricking.

🟠 Likely Case

Remote code execution leading to credential harvesting, network reconnaissance, and botnet enrollment.

🟢 If Mitigated

Limited impact if backup restore is disabled and network access is restricted.

🌐 Internet-Facing: HIGH if the device management interface is exposed to the internet, as the exploit requires access to the backup restore function.
🏢 Internal Only: MEDIUM, as the attacker needs network access to the management interface and backup restore capability.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploit requires authenticated access to backup restore function. Public proof-of-concept demonstrates command injection via crafted backup files.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.2.0 Build 20240621

Vendor Advisory: https://www.tp-link.com/us/support/faq/4929/

Restart Required: Yes

Instructions:

1. Download firmware 1.2.0 Build 20240621 from the TP-Link support site.
2. Log into the device web interface.
3. Navigate to System Tools > Firmware Upgrade.
4. Upload and install the new firmware.
5. The device will reboot automatically.

🔧 Temporary Workarounds

Disable Backup Restore Function

all

Remove or restrict access to backup restore functionality in web interface

Network Segmentation

all

Isolate device management interface from untrusted networks

🧯 If You Can't Patch

  • Disable backup restore functionality completely if not needed
  • Implement strict network access controls to device management interface

🔍 How to Verify

Check if Vulnerable:

Check the firmware version in the web interface under System Tools > Firmware Upgrade. If the version is older than 1.2.0 Build 20240621, the device is vulnerable.

Check Version:

No CLI command is available. The version must be checked via the web interface at System Tools > Firmware Upgrade.

Verify Fix Applied:

After patching, verify that the firmware version shown under System Tools > Firmware Upgrade is 1.2.0 Build 20240621 or newer.
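Because the version has to be read off the web interface, the comparison is usually done by hand. The following is an added example (not part of the advisory or TP-Link's tooling) showing how to compare a copied version string against the patched build in an inventory script; it assumes the "major.minor.patch Build YYYYMMDD" layout shown on this page and treats a missing build number conservatively, as older than the fix.

```python
import re
from typing import Optional, Tuple

# Patched build as stated on this page.
PATCHED = "1.2.0 Build 20240621"

# Assumed layout: "1.2.0 Build 20240621" with optional leading "v" and optional
# trailing text (e.g. a release suffix), which is ignored.
VERSION_RE = re.compile(
    r"^\s*v?(\d+)\.(\d+)\.(\d+)(?:\s+Build\s+(\d+))?", re.IGNORECASE
)


def parse_firmware_version(text: str) -> Optional[Tuple[int, int, int, int]]:
    """Return (major, minor, patch, build) or None if the string is unrecognised.

    A missing build number is mapped to 0 so that "1.2.0" alone compares as
    older than "1.2.0 Build 20240621" (conservative: assume unpatched).
    """
    m = VERSION_RE.match(text)
    if not m:
        return None
    major, minor, patch, build = m.groups()
    return (int(major), int(minor), int(patch), int(build) if build else 0)


def is_vulnerable(version_text: str) -> Optional[bool]:
    """True if older than the patched build, False if patched, None if unparseable."""
    seen = parse_firmware_version(version_text)
    if seen is None:
        return None
    fixed = parse_firmware_version(PATCHED)
    return seen < fixed  # tuple comparison: major, minor, patch, then build date


if __name__ == "__main__":
    # Constructed sample inputs, not real device output.
    for sample in ("1.1.9 Build 20240701", "1.2.0 Build 20240601",
                   "1.2.0 Build 20240621", "1.2.1 Build 20250101", "n/a"):
        print(f"{sample!r:32} vulnerable={is_vulnerable(sample)}")
```

Tuple comparison handles the case that a plain string comparison gets wrong: 1.2.0 with an older build date is still vulnerable, while 1.2.1 with any build date is not. A `None` result means the string did not parse and the device should be checked manually rather than marked safe.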

📡 Detection & Monitoring

Log Indicators:

  • Unusual backup restore operations
  • Shell command execution in system logs
  • Multiple failed restore attempts

Network Indicators:

  • HTTP POST requests to backup restore endpoint with unusual payloads
  • Outbound connections from device after restore operation

SIEM Query:

source="device_logs" AND (event="backup_restore" OR event="shell_exec") AND user!="admin"
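To see what the query above actually selects, here is an added example (not from the advisory) that evaluates the same three conditions over constructed key=value log lines; the log format and field names are assumptions, since the page does not show real device log output. It also counts restore events per source address, which is how the "multiple restore attempts" indicator would be turned into a threshold alert. Note that the query's `user!="admin"` clause deliberately excludes the administrator, so a restore performed with the admin account is not matched; the test below shows that gap.

```python
import re
from collections import Counter
from typing import Dict, List

# Constructed sample log lines (not captured from a real RE605X). The
# key="value" layout is an assumption used only for this example.
SAMPLE_LOGS: List[str] = [
    'source="device_logs" event="login" user="admin" src="192.0.2.10"',
    'source="device_logs" event="backup_restore" user="guest" src="192.0.2.55" file="config.bin"',
    'source="device_logs" event="shell_exec" user="www" cmd="[redacted]"',
    'source="device_logs" event="backup_restore" user="admin" src="192.0.2.10" file="config.bin"',
    'source="syslog" event="shell_exec" user="root"',
    'source="device_logs" event="backup_restore" user="guest" src="192.0.2.55" file="config2.bin"',
]

KV_RE = re.compile(r'(\w+)="([^"]*)"')


def parse_line(line: str) -> Dict[str, str]:
    """Turn one key="value" log line into a dict of fields."""
    return dict(KV_RE.findall(line))


def matches_siem_query(event: Dict[str, str]) -> bool:
    """Python form of the page's query:
    source="device_logs" AND (event="backup_restore" OR event="shell_exec") AND user!="admin"
    """
    return (
        event.get("source") == "device_logs"
        and event.get("event") in ("backup_restore", "shell_exec")
        and event.get("user") != "admin"
    )


def find_matches(lines: List[str]) -> List[Dict[str, str]]:
    """Return the parsed events that the SIEM query would surface."""
    return [ev for ev in map(parse_line, lines) if matches_siem_query(ev)]


def restores_per_source(lines: List[str]) -> Counter:
    """Count backup_restore events by source address, for a repeated-attempt threshold."""
    counts: Counter = Counter()
    for ev in map(parse_line, lines):
        if ev.get("event") == "backup_restore" and "src" in ev:
            counts[ev["src"]] += 1
    return counts


def sources_over_threshold(lines: List[str], limit: int = 2) -> List[str]:
    """Source addresses that issued `limit` or more restore requests."""
    return sorted(src for src, n in restores_per_source(lines).items() if n >= limit)


if __name__ == "__main__":
    for ev in find_matches(SAMPLE_LOGS):
        print("ALERT", ev)
    print("repeated restores from:", sources_over_threshold(SAMPLE_LOGS))
```

Running this on the constructed lines flags the guest and www events and the repeated restores from 192.0.2.55, but not the admin-driven restore; because the exploit on this page requires authenticated access, a deployment should decide whether that exclusion is acceptable or whether restore events from any account deserve review.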
