TP-Link Archer AX53 Stack-Based Buffer Overflow Vulnerability in tmpServer Module Allowing Arbitrary Code Execution

Vulnerability

A stack-based buffer overflow vulnerability has been identified in the tmpServer module of the TP-Link Archer AX53 v1.0 router, prior to version 1.7.1 Build 20260213. This vulnerability allows an authenticated adjacent attacker to cause a segmentation fault and potentially execute arbitrary code by using a specially crafted configuration file. Exploitation of this vulnerability may lead to a device crash and could allow unauthorized code execution, enabling attackers to modify the device state, access sensitive data, or further compromise the device's integrity.

Impact

Exploitation of this vulnerability can cause a segmentation fault, leading to a crash, and potentially allow arbitrary code execution on the device.

Remediation

Users are advised to update to the latest firmware version, 1.7.1 Build 20260213, available on the TP-Link official website. Note that this version upgrade is irreversible.

Added: Apr 8, 2026, 8:35 PM
Updated: Apr 8, 2026, 8:35 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 7.5
exploitability: 2.9
remediation: 0.0
relevance: 5.5
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.