CVE-2025-15568
Analyzed Analyzed - Analysis Complete
Command Injection in Archer AXE75 Router Enables Root RCE

Publication date: 2026-03-09

Last updated on: 2026-05-06

Assigner: TPLink

Description
A command injection vulnerability was identified in the web module of Archer AXE75 v1.6/v1.0 router. An authenticated attacker with adjacent-network access may be able to perform remote code execution (RCE) when the router is configured with sysmode=ap. Successful exploitation results in root-level privileges and impacts confidentiality, integrity and availability of the device. This issue affects Archer AXE75 v1.6/v1.0: through 1.3.2 Build 20250107.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-09
Last Modified
2026-05-06
Generated
2026-06-10
AI Q&A
2026-03-09
EPSS Evaluated
2026-06-09
NVD
CVE-2025-15568
EUVD
EUVD-2025-208430
Affected Vendors & Products
Showing 3 associated CPEs
Vendor Product Version / Range
tp-link archer_axe75_firmware to 1.3.2 (exc)
tp-link archer_axe75_firmware 1.3.2
tp-link archer_axe75_firmware 1.3.2
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-78 The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2025-15568 is a command injection vulnerability found in the web module of the TP-Link Archer AXE75 router, specifically versions v1.6 and v1.0 with firmware versions up to 1.3.2 Build 20250107.

An authenticated attacker with adjacent-network access can exploit this vulnerability when the router is configured with the parameter sysmode=ap, allowing them to execute remote code on the device.

Successful exploitation grants the attacker root-level privileges, which means they gain full control over the device.

Impact Analysis

This vulnerability can severely impact the confidentiality, integrity, and availability of the affected router device.

  • Confidentiality impact: An attacker with root privileges can access sensitive information stored or transmitted by the device.
  • Integrity impact: The attacker can modify device settings or data, potentially causing malfunction or unauthorized behavior.
  • Availability impact: The attacker could disrupt the normal operation of the router, causing denial of service or network outages.
Compliance Impact

I don't know

Detection Guidance

I don't know

Mitigation Strategies

To mitigate this vulnerability, TP-Link strongly recommends updating the Archer AXE75 router to the latest firmware version.

Ensuring the device is not configured with sysmode=ap or restricting access to authenticated users with adjacent-network access can also help reduce risk.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-15568. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart