CVE-2025-15545

MEDIUM

TP-Link Archer RE605X Firmware <= 1.2.10 - Command Injection via Backup Restore

Title source: llm

Description

The backup restore function does not properly validate unexpected or unrecognized tags within the backup file. When such a crafted file is restored, the injected tag is interpreted by a shell, allowing execution of arbitrary commands with root privileges. Successful exploitation allows the attacker to gain root-level command execution, compromising confidentiality, integrity and availability.

Exploits (1)

nomisec WORKING POC 1 stars

by Xernary · poc

https://github.com/Xernary/CVE-2025-15545

View Code ZIP pw:eip

References (4)

[Various Sources] https://www.tp-link.com/en/support/download/re605x/v3/#Firmware

[Various Sources] https://www.tp-link.com/us/support/download/re605x/v3/#Firmware

[Various Sources] https://www.tp-link.com/us/support/faq/4929/

[Various Sources] https://nico-security.com/posts/cve-2025-15545

Scores

CVSS v3 6.8

EPSS 0.0004

EPSS Percentile 12.7%

Attack Vector ADJACENT_NETWORK

CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-20

Status published

Products (1)

tp-link/archer_re605x_firmware < 1.2.10

Published Jan 29, 2026

Tracked Since Feb 18, 2026