CVE-2025-15568
Command Injection in Archer AXE75 Router Enables Root RCE
Publication date: 2026-03-09
Last updated on: 2026-05-06
Assigner: TPLink
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| tp-link | archer_axe75_firmware | up to 1.3.2 (exclusive) |
| tp-link | archer_axe75_firmware | 1.3.2 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-78 | The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-15568 is a command injection vulnerability found in the web module of the TP-Link Archer AXE75 router, specifically versions v1.6 and v1.0 with firmware versions up to 1.3.2 Build 20250107.
An authenticated attacker with adjacent-network access can exploit this vulnerability when the router is configured with the parameter sysmode=ap, allowing them to execute code remotely on the device.
Successful exploitation grants the attacker root-level privileges, which means they gain full control over the device.
How can this vulnerability impact me?
This vulnerability can severely impact the confidentiality, integrity, and availability of the affected router device.
- Confidentiality impact: An attacker with root privileges can access sensitive information stored or transmitted by the device.
- Integrity impact: The attacker can modify device settings or data, potentially causing malfunction or unauthorized behavior.
- Availability impact: The attacker could disrupt the normal operation of the router, causing denial of service or network outages.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
I don't know
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, TP-Link strongly recommends updating the Archer AXE75 router to the latest firmware version.
Ensuring the device is not configured with sysmode=ap, or limiting who has authenticated, adjacent-network access to it, can also help reduce risk.