Nicola Giuffrida

1 exploit Active since Jan 2026
CVE-2025-15545 NOMISEC MEDIUM WORKING POC
TP-Link Archer RE605X Firmware <= 1.2.10 - Command Injection via Backup Restore
The backup restore function does not properly validate unexpected or unrecognized tags within the backup file. When such a crafted file is restored, the injected tag is interpreted by a shell, allowing execution of arbitrary commands with root privileges. Successful exploitation allows the attacker to gain root-level command execution, compromising confidentiality, integrity and availability.
1 stars
CVSS 6.8