CVE-2025-15545— Insufficient Backup File Upload Input Validation on TP-Link Archer RE605X
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2025-15545
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Insufficient Backup File Upload Input Validation on TP-Link Archer RE605X
Source: NVD (National Vulnerability Database)
Vulnerability Description
The backup restore function does not properly validate unexpected or unrecognized tags within the backup file. When such a crafted file is restored, the injected tag is interpreted by a shell, allowing execution of arbitrary commands with root privileges. Successful exploitation allows the attacker to gain root-level command execution, compromising confidentiality, integrity and availability.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
输入验证不恰当
Source: NVD (National Vulnerability Database)
Vulnerability Title
TP-Link Archer RE605X 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
TP-Link Archer RE605X是中国普联(TP-Link)公司的一个无线信号放大器。 TP-Link Archer RE605X存在安全漏洞,该漏洞源于备份还原功能未正确验证备份文件中的意外或无法识别标签,可能导致执行任意命令。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| TP-Link Systems Inc. | Archer RE605X | 0 ~ (EU)_V3_20260113, (US)_V3_20260126 | - |
II. Public POCs for CVE-2025-15545
| # | POC Description | Source Link | Shenlong Link |
|---|---|---|---|
| 1 | Proof of Concept for CVE-2025-15545 | https://github.com/Xernary/CVE-2025-15545 | POC Details |
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2025-15545
请登录查看更多情报信息。
Same Patch Batch · TP-Link Systems Inc. · 2026-01-29 · 7 CVEs total
| CVE-2026-1457 | Authenticated RCE Vulnerability Due to Buffer Overflow on TP-Link VIGI C385 | |
| CVE-2025-15548 | Missing Application-Layer Encryption in Web Interface Endpoints on TP-Link VX800v | |
| CVE-2025-15543 | Read-Only Root Access via USB Storage Device in TP-Link VX800v | |
| CVE-2025-15541 | Access to System Files via SFTP on TP-Link VX800v | |
| CVE-2025-15542 | Denial of Service (DoS) of VoIP Communication on TP-Link VX800v | |
| CVE-2025-13399 | Insecure Encryption in Communication with the Web Interface on TP-Link VX800v |
IV. Related Vulnerabilities
Same vendor: TP-Link Systems Inc.
- CVE-2026-5039
Predictable Default Cryptographic Key Used for DES Encryptio - CVE-2026-5363
Use of weak cryptographic key in TP-Link Archer C7 - CVE-2026-30818
OS Command Injection Vulnerability in dnsmasq Module in TP-L - CVE-2026-30817
Arbitrary File Reading Vulnerability in dnsmasq Module in TP - CVE-2026-30816
Arbitrary File Reading Vulnerability in OpenVPN Module in TP
Same weakness: CWE-20
V. Comments for CVE-2025-15545
No comments yet