CVE-2025-58077

8.0 HIGH

📋 TL;DR

This CVE describes a heap-based buffer overflow in the tmpserver modules of TP-Link Archer AX53 v1.0 routers. Authenticated attackers on the same local network can send specially crafted packets with excessive host entries to cause a segmentation fault or potentially execute arbitrary code. It affects Archer AX53 v1.0 devices running firmware versions up to 1.3.1 Build 20241120.

💻 Affected Systems

Products:
  • TP-Link Archer AX53 v1.0
Versions: through 1.3.1 Build 20241120
Operating Systems: Embedded firmware
Default Config Vulnerable: ⚠️ Yes
Notes: Requires tmpserver module to be active; typical in default configurations. Authentication is needed for exploitation.


⚠️ Risk & Real-World Impact

🔴 Worst Case

An authenticated adjacent attacker gains remote code execution (RCE) on the router, potentially leading to full device compromise, data theft, or use as a pivot point in the network.

🟠 Likely Case

Attackers cause a denial of service (DoS) via segmentation fault, crashing the tmpserver service and disrupting router functionality.

🟢 If Mitigated

With proper network segmentation and access controls, impact is limited to DoS within a restricted network segment.

🌐 Internet-Facing: LOW, as exploitation requires adjacent network access and authentication, not direct internet exposure.
🏢 Internal Only: MEDIUM, as internal attackers with network access and credentials could exploit it, but authentication is a barrier.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM, due to need for authentication and crafting specific network packets.

Exploitation details are not publicly disclosed; based on CVE description, it involves sending packets with excessive host entries.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check TP-Link support for firmware newer than 1.3.1 Build 20241120

Vendor Advisory: https://www.tp-link.com/en/support/download/archer-ax53/v1/#Firmware

Restart Required: Yes

Instructions:

1. Visit the TP-Link support page for Archer AX53 v1.0.
2. Download the latest firmware version.
3. Log into the router admin interface.
4. Navigate to System Tools > Firmware Upgrade.
5. Upload and install the new firmware.
6. Reboot the router after installation.

🔧 Temporary Workarounds

Restrict Network Access

all

Limit access to the router's management interface to trusted devices only using firewall rules or VLAN segmentation.

Disable Unnecessary Services

all

If possible, disable the tmpserver module or any non-essential services on the router to reduce attack surface.

🧯 If You Can't Patch

  • Isolate the router on a dedicated network segment to minimize exposure to potential attackers.
  • Monitor network traffic for unusual packets or attempts to access the router's services, and review logs for segmentation fault errors.

🔍 How to Verify

Check if Vulnerable:

Check the firmware version in the router's admin interface under System Tools > Firmware Upgrade; if the version is 1.3.1 Build 20241120 or earlier, the device is vulnerable.

Check Version:

Log into router web interface and navigate to System Tools > Firmware Upgrade to view current version.

Verify Fix Applied:

After updating, confirm the firmware version is newer than 1.3.1 Build 20241120 in the same interface.
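For a fleet of devices, the same check can be scripted over an asset inventory. The following is an added example, not vendor or advisory code; the inventory record layout and the status labels are assumptions, and the version strings are constructed in the "X.Y.Z Build YYYYMMDD" form used above.

```python
import re

# Last affected release and affected hardware, taken from the advisory text.
LAST_AFFECTED = ((1, 3, 1), 20241120)
AFFECTED_MODEL = ("archer ax53", "v1.0")

# Matches "1.3.1 Build 20241120", ignoring any trailing text after the build date.
_FW_RE = re.compile(r"(\d+(?:\.\d+)*)\s+Build\s+(\d{8})", re.IGNORECASE)


def parse_firmware(text):
    """Return ((major, minor, ...), build_date) or None if the string is unreadable."""
    m = _FW_RE.search(text or "")
    if not m:
        return None
    version = tuple(int(part) for part in m.group(1).split("."))
    return version, int(m.group(2))


def triage(model, hardware, firmware):
    """Classify one record: 'not-listed', 'vulnerable', 'patched' or 'unknown'."""
    name = model.lower().replace("tp-link", "").strip()
    if (name, hardware.lower().strip()) != AFFECTED_MODEL:
        return "not-listed"  # the advisory only covers Archer AX53 v1.0
    parsed = parse_firmware(firmware)
    if parsed is None:
        return "unknown"  # never assume patched when the version cannot be read
    # Assumption: the version number orders releases first, the build date second.
    # Components are compared as integers, so 1.10.0 sorts after 1.3.1.
    return "vulnerable" if parsed <= LAST_AFFECTED else "patched"


def report(inventory):
    """Map each hostname in the inventory to its triage status."""
    return {host: triage(model, hw, fw) for host, model, hw, fw in inventory}


if __name__ == "__main__":
    # Constructed sample inventory: (hostname, model, hardware revision, firmware string)
    sample = [
        ("branch-01", "TP-Link Archer AX53", "v1.0", "1.3.1 Build 20241120"),
        ("branch-02", "Archer AX53", "V1.0", "1.3.2 Build 20250301"),
        ("branch-03", "Archer AX53", "v1.0", ""),
    ]
    for host, status in report(sample).items():
        print(f"{host}: {status}")
```

Records that come back as "unknown" should be checked by hand in the admin interface rather than treated as patched.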

📡 Detection & Monitoring

Log Indicators:

  • Segmentation fault or crash logs related to tmpserver process in router system logs.

Network Indicators:

  • Unusual network packets with high volume of host entries directed at the router's IP on relevant ports.

SIEM Query:

Example: search for events where source_ip is internal and destination_ip is router_ip with packet_size anomalies or error logs containing 'segmentation fault'.
