—–BEGIN PGP SIGNED MESSAGE—–

Hash: SHA256

Multiple Vulnerabilities in TP-Link router 

Indian – Computer Emergency Response Team (https://www.cert-in.org.in)

Severity Rating: HIGH

Systems Affected

TP-Link Archer BE400 V1 version 1.1.0 build 20250710 rel.14914 and prior to.

TP-Link Archer AXE75 v1.6 version prior to build 20250107.

Overview

Multiple vulnerabilities have been reported in TP-Link Archer router which could allow the attacker to perform arbitrary file deletion and denial of service (DoS) attack on the targeted device.

Target Audience: 

All organizations and individuals using TP-Link Archer router.

Risk Assessment:

High risks of service interruption and unauthorized access.

Impact Assessment:

Potential impact on confidentiality, integrity and availability of the system.

Description

TP-Link Archer Wi-Fi routers provide reliable wireless internet connectivity with features like dual-band/tri-band support, MU-MIMO, beamforming, Gigabit ports and offering 2.4 GHz/5 GHz/6 GHz bands for faster speed.

Multiple vulnerabilities exist in TP-Link Archer router due to improper input validation and improper handling and validation of pointer references within the 802.11 wireless module processing code.

Successfully exploitation of these vulnerabilities could allow the attacker to perform arbitrary file deletion and cause denial of service (DoS) attack on the targeted device.

Solution

Apply appropriate updates as mentioned in:

https://www.tp-link.com/hk/support/faq/4881/

https://www.tp-link.com/hk/support/faq/4871/

Vendor Information

TP-Link

https://www.tp-link.com/hk/support/faq/4881/

https://www.tp-link.com/hk/support/faq/4871/

References

TP-Link

https://www.tp-link.com/hk/support/faq/4881/

https://www.tp-link.com/hk/support/faq/4871/

CVE Name

CVE-2025-15035

CVE-2025-14631

– —

Thanks and Regards,

CERT-In

Incident Response Help Desk

e-mail: incident@cert-in.org.in

Phone: +91-11-22902657

Toll Free Number: 1800-11-4949

Toll Free Fax : 1800-11-6969

Web: http://www.cert-in.org.in

PGP Fingerprint: A768 083E 4475 5725 B81A A379 2156 C0C0 B620 D0B4

PGP Key information:

https://www.cert-in.org.in/s2cMainServlet?pageid=CONTACTUS

Postal address:

Indian Computer Emergency Response Team (CERT-In)

Ministry of Electronics and Information Technology

Government of India

Electronics Niketan

6, C.G.O. Complex

New Delhi-110 003

—–BEGIN PGP SIGNATURE—–

iQIzBAEBCAAdFiEE6r4Iam/Ey0c/KakL3jCgcSdcys8FAmlvlQYACgkQ3jCgcSdc

ys/3cxAAoV4aOtRxRNwmnaMaexFD74Iex8Ij7x3jIXsj3QiDtY3TvzV7n3pDGYkR

nOfl3YFSz4NNGsaMZOm+Iv4WLqYpWZ/1KzhPE11/KnVg4oOxS48QcK3ZJBgrMEMx

g0Zet5OBL3oRdFVkPrecLosesYSm/DEh2ZBzoodO8PJUDbXLYexrUqZt3eSvhdq9

FWIZ90wN3Hqh7yOahS7DVHOuyXNIFXzqhKzdej+USrcjYo7Wq2WuTN4trVWTEMAh

21qVJoILKdCXWDvgmeQazMiXsZLiWidDzQjJXPqVqaCJf2rB/cEBQi2Pfu7hDivC

4GxJafd1gFAqGZzVFLxISIzxnvKLdMYRvsUz2tyHYZV12gVnt2jnzdxHEmftN1eb

quHZrBSnuR7Gdfak8FrRE8LnO2PsxxzH3u9UpXmx9iXv67B3lbjTQWTkYcl2HBAa

diGy1K9hWujHts9Lg7aHn64mq3ElnkxSLuHkcdnf1R52d3vBlcf7TxWrrIkWPIDG

xA59agJJF1cX4xYNGUpGNbeiF63m3RgI8TyIEqCoGGiBbIs5tp1ZI93OJlrdQIjJ

gqPDBAN0SnCncoekfwUsve5a77zlo85HTCEgXGq3ashn84Y9Fc92BugGt4O1H4SW

we9xMM1k7K35npaedyrA0GQTLcVpMHqeVvh5+MI1t0+s/arhYTU=

=gfph

—–END PGP SIGNATURE—–