CVE-2025-40634

Stack-based buffer overflow in TP-Link Archer AX50

CVSS 9.2 CRITICALEPSS 0.6%CWE-121

Vexday Risk Score

28Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 9.2EPSS 0.6%KEV nãoPoC —Nuclei —Metasploit —Patch —

Lifecycle

20 May 2025Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

Stack-based buffer overflow vulnerability in the 'conn-indicator' binary running as root on the TP-Link Archer AX50 router, in firmware versions prior to 1.0.15 build 241203 rel61480. This vulnerability allows an attacker to execute arbitrary code on the device over LAN and WAN networks.

CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected products

TP-Link · Link Archer AX50

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://www.incibe.es/en/incibe-cert/notices/aviso/stack-based-buffer-overflow-tp-link-archer-ax50