CVE-2025-62501

8.1 HIGH

📋 TL;DR

A misconfiguration in TP-Link Archer AX53 v1.0's SSH hostkey implementation allows attackers to perform man-in-the-middle attacks to capture device credentials. This could lead to unauthorized access if credentials are reused elsewhere. The vulnerability affects Archer AX53 v1.0 devices running firmware versions up to 1.3.1 Build 20241120.

💻 Affected Systems

Products:
  • TP-Link Archer AX53 v1.0
Versions: through 1.3.1 Build 20241120
Operating Systems: Embedded firmware
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects devices with SSH enabled (though this may be default). The tmpserver modules are specifically vulnerable.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers gain full administrative access to the router, potentially compromising the entire network, exfiltrating data, and using the device as a pivot point for further attacks.

🟠

Likely Case

Attackers capture administrative credentials during MITM attacks, enabling unauthorized router access and potential network reconnaissance.

🟢

If Mitigated

Limited to credential capture during active MITM attacks, with minimal impact if credentials are not reused and proper network segmentation exists.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Requires man-in-the-middle positioning and specially crafted SSH traffic. No public exploit code has been identified.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check TP-Link firmware updates post-20241120

Vendor Advisory: https://www.tp-link.com/us/support/faq/4943/

Restart Required: Yes

Instructions:

1. Visit the TP-Link support page for Archer AX53 v1.0.
2. Download the latest firmware version.
3. Log into the router admin interface.
4. Navigate to System Tools > Firmware Upgrade.
5. Upload and install the new firmware.
6. Wait for the automatic reboot.

🔧 Temporary Workarounds

Disable SSH Access

all

Disable SSH service if not required for administration

Log into router admin interface and disable SSH in System Tools > Administration

Network Segmentation

all

Isolate router management interface from untrusted networks

🧯 If You Can't Patch

  • Implement strict network access controls to limit SSH access to trusted IP addresses only
  • Monitor SSH authentication logs for unusual activity and implement credential rotation policies

🔍 How to Verify

Check if Vulnerable:

Check the firmware version in the router admin interface under System Tools > Firmware Upgrade. If the version is 1.3.1 Build 20241120 or earlier, the device is vulnerable.

Check Version:

ssh admin@router-ip 'cat /proc/version' or check web interface

Verify Fix Applied:

Verify that the firmware version shows a build date after 20241120 and that the SSH host key configuration is correct (the router presents a stable host key whose fingerprint matches the one you have pinned).
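As an added example (not from this advisory or from TP-Link), the two checks above in Python: a firmware version test against the affected range stated here, and an OpenSSH-style SHA256 fingerprint of the router's host key so that a pinned fingerprint can be compared on every connection. The host address and key bytes are constructed, not a real router key.

```python
"""Defender-side checks for CVE-2025-62501 (added example, not vendor code)."""
import base64
import hashlib
import re

# Last affected firmware per the advisory: 1.3.1 Build 20241120.
LAST_AFFECTED = (1, 3, 1, 20241120)

_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\s+Build\s+(\d{8})")


def is_affected_version(version: str) -> bool:
    """True if a firmware string such as '1.3.1 Build 20241120' is in the affected range."""
    m = _VERSION_RE.search(version)
    if not m:
        raise ValueError(f"unrecognised firmware version string: {version!r}")
    # Compare (major, minor, patch, build date) as one tuple: "through" means <=.
    return tuple(int(x) for x in m.groups()) <= LAST_AFFECTED


def fingerprint(known_hosts_line: str) -> str:
    """SHA256 fingerprint, as ssh-keygen -l prints it, of the key in a 'host type base64' line."""
    _host, _ktype, b64 = known_hosts_line.split()[:3]
    digest = hashlib.sha256(base64.b64decode(b64)).digest()
    # OpenSSH shows base64 of the digest with the trailing '=' padding removed.
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def hostkey_changed(known_hosts_line: str, pinned: str) -> bool:
    """True if the key the router presented no longer matches the pinned fingerprint.

    A change is a MITM indicator unless you know the key was regenerated
    (for example by a firmware upgrade); re-pin only over a trusted path.
    """
    return fingerprint(known_hosts_line) != pinned


# Constructed sample: 192.0.2.1 is a documentation address and the blob is
# arbitrary bytes, so this is not a real host key.
SAMPLE_LINE = "192.0.2.1 ssh-ed25519 " + base64.b64encode(b"constructed-sample-key-bytes-0001").decode()
PINNED = fingerprint(SAMPLE_LINE)  # record once over a trusted path, compare on every connection

if __name__ == "__main__":
    print("affected:", is_affected_version("1.3.1 Build 20241120"))
    print("key changed:", hostkey_changed(SAMPLE_LINE, PINNED))
```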

📡 Detection & Monitoring

Log Indicators:

  • Unusual SSH connection attempts
  • Failed SSH authentication from unexpected sources
  • SSH hostkey verification failures

Network Indicators:

  • Unexpected SSH traffic patterns
  • MITM activity on network segments containing router

SIEM Query:

source="router_logs" AND (event="ssh_failed_auth" OR event="ssh_connection") | stats count by src_ip

🔗 References