Security Advisory on Multiple Vulnerabilities on Archer AX53 (CVE-2025-58455, CVE-2025-59482, CVE-2025-59487, CVE-2025-62404, CVE-2025-61944, CVE-2025-61983, CVE-2025-62405, CVE-2025-58077, CVE-2025-62673 & CVE-2025-62501)

Multiple vulnerabilities were identified in TP-Link Archer AX53 v1.0 across tmpserver and tdpserver modules, concerning multiplel heap-based buffer overflow conditions.

Description of Vulnerabilities and Impacts:

Heap-based Buffer Overflow Vulnerabilities:

CVE-2025-58455: due to Packet Length Exceeding Expected Limits

‘tmpserver modules’ allows authenticated adjacent attackers to cause a segmentation fault or potentially execute arbitrary code via a specially crafted network packet whose length exceeds the maximum expected value.

CVE-2025-59482: due to Insufficient Validation of a Packet Field Length

‘tmpserver modules’ allows authenticated adjacent attackers to cause a segmentation fault or potentially execute arbitrary code via a specially crafted network packet containing a field whose length exceeds the maximum expected value.

CVE-2025-59487: due to Improper Validation of Packet Field Offset

‘tmpserver modules’ allows authenticated adjacent attackers to cause a segmentation fault or potentially execute arbitrary code. The vulnerability arises from improper validation of a packet field whose offset is used to determine the write location in memory. By crafting a packet with a manipulated field offset, an attacker can redirect writes to arbitrary memory locations.

CVE-2025-62404: due to Maliciously Formed Field in tdpserver Module

‘tmpserver modules’ allows authenticated adjacent attackers to cause a segmentation fault or potentially execute arbitrary code via a specially crafted network packet whose length exceeds the maximum expected value.

CVE-2025-61944: due to Excessive Zero-Length Fields

‘tmpserver modules’ allows authenticated adjacent attackers to cause a segmentation fault or potentially execute arbitrary code via a specially crafted network packet containing an excessive number of fields with zero‑length values.

CVE-2025-61983: due to Excessive Number of Zero-Length Fields

‘tmpserver modules’ allows authenticated adjacent attackers to cause a segmentation fault or potentially execute arbitrary code via a specially crafted network packet containing an excessive number of fields with zero‑length values.

CVE-2025-62405: due to Overly Long Packet Field

‘tmpserver modules’ allows authenticated adjacent attackers to cause a segmentation fault or potentially execute arbitrary code via a specially crafted network packet containing a field whose length exceeds the maximum expected value.

CVE-2025-62405: due to Overly Long Packet Field

‘tmpserver modules’ allows authenticated adjacent attackers to cause a segmentation fault or potentially execute arbitrary code via a specially crafted network packet containing a field whose length exceeds the maximum expected value.

CVE-2025-58077: due to Excessive Number of Host Entries in Packets

‘tmpserver modules’ allows authenticated adjacent attackers to cause a segmentation fault or potentially execute arbitrary code via a specially crafted set of network packets containing an excessive number of host entries

The above vulnerabilities have the same CVSS score ratings:

CVSS v4.0 Score: 7.3 / High

CVSS:4.0/AV:A/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

CVE-2025-62673: due to Malformed Field in tpdserver

‘tdpserver modules’ allows adjacent attackers to cause a segmentation fault or potentially execute arbitrary code via a specially crafted network packet containing a maliciously formed field.

CVSS v4.0 Score: 8.6 / High

CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

CVE-2025-62601: SSH Hostkey Misconfiguration Vulnerability Enabling Potential MiTM Credential Interception

SSH Hostkey misconfiguration vulnerability in ‘tmpserver modules’ allows attackers to obtain device credentials through a specially crafted man‑in‑the‑middle (MITM) attack. This could enable unauthorized access if captured credentials are reused.

CVSS v4.0 Score: 7.0 / High

CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Products/Versions and Fixes:

Recommendations:

We strongly recommend that users with affected devices take the following actions:

1. Download and update to the latest firmware version to fix the

EN: Download for Archer AX53 | TP-Link

MY: Download for Archer AX53 | TP-Link Malaysia

AX53 v1 is not sold in the US.

Disclaimer:

If you do not take all recommended actions, this vulnerability will remain. TP-Link cannot bear any responsibility for consequences that could have been avoided by following this advisory.