CVE-2025-58455

8.0 HIGH

📋 TL;DR

A heap-based buffer overflow vulnerability in TP-Link Archer AX53 v1.0 routers allows authenticated attackers on the same network to crash the device or potentially execute arbitrary code by sending specially crafted network packets. This affects the tmpserver modules in firmware versions through 1.3.1 Build 20241120. Attackers must be authenticated and adjacent to the network.

💻 Affected Systems

Products:
  • TP-Link Archer AX53 v1.0
Versions: through 1.3.1 Build 20241120
Operating Systems: TP-Link proprietary firmware
Default Config Vulnerable: ⚠️ Yes
Notes: Requires attacker authentication and adjacency to the network. The tmpserver module is the affected component.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Remote code execution leading to full device compromise, persistent backdoor installation, and lateral movement to other network devices.

🟠 Likely Case

Denial of service through segmentation fault causing router reboot and network disruption.

🟢 If Mitigated

Limited to denial of service if exploit attempts are detected and blocked by network monitoring.

🌐 Internet-Facing: LOW (requires adjacent network access, not directly internet exploitable)
🏢 Internal Only: HIGH (authenticated attackers on local network can exploit)

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires authentication and network adjacency. Heap exploitation adds complexity, but triggering the overflow itself is straightforward.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check TP-Link support site for firmware newer than 1.3.1 Build 20241120

Vendor Advisory: https://www.tp-link.com/en/support/faq/4943/

Restart Required: Yes

Instructions:

1. Visit the TP-Link support page for Archer AX53 v1.0.
2. Download the latest firmware.
3. Log into the router admin interface.
4. Navigate to System Tools > Firmware Upgrade.
5. Upload and install the new firmware.
6. The router will reboot automatically.

🔧 Temporary Workarounds

Network Segmentation

Isolate the router management interface on a separate VLAN to limit the adjacent attack surface

Access Control

Restrict administrative access to trusted IP addresses only

🧯 If You Can't Patch

  • Disable remote management and limit administrative access to wired connections only
  • Implement network monitoring for unusual tmpserver traffic patterns

🔍 How to Verify

Check if Vulnerable:

Check firmware version in router web interface under System Tools > Firmware Upgrade

Check Version:

Not applicable - check via web interface

Verify Fix Applied:

Confirm firmware version is newer than 1.3.1 Build 20241120

📡 Detection & Monitoring

Log Indicators:

  • Repeated segmentation faults in system logs
  • tmpserver process crashes
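Added example, not part of this advisory: detection logic for the log indicators above, run over constructed syslog-style lines. It assumes the router forwards its logs to a collector and that a tmpserver crash shows up as a line naming tmpserver together with a segfault message; the device's real log format is not shown on this page, so the pattern is an assumption to adapt.

```python
import re
from collections import deque
from datetime import datetime, timedelta

# Constructed sample lines in a generic syslog-like layout (assumed, not the
# device's real format): "<timestamp> <host> <facility>: <message>".
SAMPLE_LOGS = """\
2025-01-10T09:00:01 router kern: tmpserver[1223]: segfault at 0 ip 00401000 sp 7ff0
2025-01-10T09:00:03 router kern: tmpserver[1225]: segfault at 0 ip 00401000 sp 7ff0
2025-01-10T09:00:04 router init: respawning tmpserver
2025-01-10T09:00:06 router kern: tmpserver[1227]: Segmentation fault
2025-01-10T09:30:00 router httpd: login ok from 192.0.2.10
2025-01-10T10:15:00 router kern: tmpserver[1301]: segfault at 8 ip 00401000 sp 7ff0
""".splitlines()

# A tmpserver crash: the process tag followed by a segfault message.
CRASH_RE = re.compile(
    r"^(?P<ts>\S+)\s+\S+\s+\S+\s+tmpserver\[\d+\]:.*?(segfault|Segmentation fault)",
    re.IGNORECASE,
)


def parse_crashes(lines):
    """Return the timestamps of lines that look like a tmpserver crash."""
    stamps = []
    for line in lines:
        m = CRASH_RE.search(line)
        if m:
            stamps.append(datetime.fromisoformat(m.group("ts")))
    return stamps


def find_crash_bursts(timestamps, threshold=3, window=timedelta(minutes=5)):
    """Sliding window over sorted crash times: a burst is >= threshold crashes
    within `window`. A single isolated crash is not alerted on; repeated
    faults are the indicator. Returns the first timestamp of each burst."""
    alerts, recent = [], deque()
    for ts in sorted(timestamps):
        recent.append(ts)
        while recent and ts - recent[0] > window:
            recent.popleft()
        if len(recent) >= threshold:
            alerts.append(recent[0])
            recent.clear()  # one alert per burst, then start counting again
    return alerts


def detect(lines):
    """Convenience wrapper: ISO timestamps of detected crash bursts."""
    return [t.isoformat() for t in find_crash_bursts(parse_crashes(lines))]
```

On the sample above, the three crashes between 09:00:01 and 09:00:06 form one burst and the lone 10:15:00 crash does not.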

Network Indicators:

  • Unusually large network packets to router management interface
  • Multiple failed authentication attempts followed by large packets

SIEM Query:

Not applicable - proprietary device logging
