RCE in Tp-link Systems Inc. Ax53 V1

CVE-2025-15607

A command injection vulnerability on AX53 v1 occurs in mscd debug functionality due to insufficient input handling, allowing log redirection to arbitrary files and concatenation of unvalidated file content into shell commands, enabling aut…

Vulnerability class: Command Injection (OS Command Injection)

EPSS: 0.003 (55.8th percentile) — read the EPSS interpretation.

Affected products

Tp-link Systems Inc. Ax53 V1 — versions 0

Weakness classification (CWE)

CWE-77 — Command Injection

References

www.tp-link.com/en/support/download/archer-ax53/v1/ (patch)
www.tp-link.com/us/support/faq/5025/ (vendor-advisory)