{"api_version":"1","generated_at":"2026-04-21T19:19:20+00:00","cve":"CVE-2025-15607","urls":{"html":"https://cve.report/CVE-2025-15607","api":"https://cve.report/api/cve/CVE-2025-15607.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2025-15607","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2025-15607"},"summary":{"title":"Authenticated Command Injection in mcsd Service of TP-Link Archer AX53","description":"A command injection vulnerability on AX53 v1 occurs in mscd debug functionality due to insufficient input handling, allowing log redirection to arbitrary files and concatenation of unvalidated file content into shell commands, enabling authenticated attackers to inject and execute arbitrary commands.  Successful exploitation may allow execution of malicious commands and ultimately full control of the device.","state":"PUBLISHED","assigner":"TPLink","published_at":"2026-03-20 17:16:40","updated_at":"2026-04-02 20:53:50"},"problem_types":["CWE-77","CWE-77 CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')"],"metrics":[{"version":"4.0","source":"f23511db-6c3e-4e32-a477-6aa17d310630","type":"Secondary","score":"7.3","severity":"HIGH","vector":"CVSS:4.0/AV:A/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","data":{"version":"4.0","vectorString":"CVSS:4.0/AV:A/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.3,"baseSeverity":"HIGH","attackVector":"ADJACENT","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"HIGH","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"LOW","subIntegrityImpact":"LOW","subAvailabilityImpact":"LOW","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}},{"version":"4.0","source":"CNA","type":"CVSS","score":"7.3","severity":"HIGH","vector":"CVSS:4.0/AV:A/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L","data":{"Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","Safety":"NOT_DEFINED","attackComplexity":"LOW","attackRequirements":"PRESENT","attackVector":"ADJACENT","baseScore":7.3,"baseSeverity":"HIGH","exploitMaturity":"NOT_DEFINED","privilegesRequired":"HIGH","providerUrgency":"NOT_DEFINED","subAvailabilityImpact":"LOW","subConfidentialityImpact":"LOW","subIntegrityImpact":"LOW","userInteraction":"NONE","valueDensity":"NOT_DEFINED","vectorString":"CVSS:4.0/AV:A/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L","version":"4.0","vulnAvailabilityImpact":"HIGH","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnerabilityResponseEffort":"NOT_DEFINED"}},{"version":"3.1","source":"nvd@nist.gov","type":"Primary","score":"9.8","severity":"CRITICAL","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"}}],"references":[{"url":"https://www.tp-link.com/en/support/download/archer-ax53/v1/#Firmware","name":"https://www.tp-link.com/en/support/download/archer-ax53/v1/#Firmware","refsource":"f23511db-6c3e-4e32-a477-6aa17d310630","tags":["Product"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.tp-link.com/us/support/faq/5025/","name":"https://www.tp-link.com/us/support/faq/5025/","refsource":"f23511db-6c3e-4e32-a477-6aa17d310630","tags":["Vendor Advisory"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2025-15607","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-15607","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"TP-Link Systems Inc.","product":"AX53 v1","version":"affected 251029 custom","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[{"source":"CNA","value":"samuzora","lang":"en"}],"nvd_cpes":[{"cve_year":"2025","cve_id":"15607","vulnerable":"0","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"tp-link","cpe5":"archer_ax53","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2025","cve_id":"15607","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"tp-link","cpe5":"archer_ax53_firmware","cpe6":"1.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":{"cve_year":"2025","cve_id":"15607","cve":"CVE-2025-15607","epss":"0.004710000","percentile":"0.645620000","score_date":"2026-04-07","updated_at":"2026-04-08 00:03:39"},"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"metrics":[{"other":{"content":{"id":"CVE-2025-15607","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","timestamp":"2026-03-21T04:01:45.454128Z","version":"2.0.3"},"type":"ssvc"}}],"providerMetadata":{"dateUpdated":"2026-03-23T13:01:13.613Z","orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP"},"title":"CISA ADP Vulnrichment"}],"cna":{"affected":[{"defaultStatus":"unaffected","modules":["mcsd service"],"product":"AX53 v1","vendor":"TP-Link Systems Inc.","versions":[{"lessThan":"251029","status":"affected","version":"0","versionType":"custom"}]}],"credits":[{"lang":"en","type":"finder","value":"samuzora"}],"descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"A command injection vulnerability on AX53 v1 occurs in mscd debug functionality due to insufficient input handling, allowing log redirection to arbitrary files and concatenation of unvalidated file content into shell commands, enabling authenticated attackers to inject and execute arbitrary commands.  Successful exploitation may allow execution of malicious commands and ultimately full control of the device."}],"value":"A command injection vulnerability on AX53 v1 occurs in mscd debug functionality due to insufficient input handling, allowing log redirection to arbitrary files and concatenation of unvalidated file content into shell commands, enabling authenticated attackers to inject and execute arbitrary commands.  Successful exploitation may allow execution of malicious commands and ultimately full control of the device."}],"impacts":[{"capecId":"CAPEC-248","descriptions":[{"lang":"en","value":"CAPEC-248 Command Injection"}]}],"metrics":[{"cvssV4_0":{"Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","Safety":"NOT_DEFINED","attackComplexity":"LOW","attackRequirements":"PRESENT","attackVector":"ADJACENT","baseScore":7.3,"baseSeverity":"HIGH","exploitMaturity":"NOT_DEFINED","privilegesRequired":"HIGH","providerUrgency":"NOT_DEFINED","subAvailabilityImpact":"LOW","subConfidentialityImpact":"LOW","subIntegrityImpact":"LOW","userInteraction":"NONE","valueDensity":"NOT_DEFINED","vectorString":"CVSS:4.0/AV:A/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L","version":"4.0","vulnAvailabilityImpact":"HIGH","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnerabilityResponseEffort":"NOT_DEFINED"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-77","description":"CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2026-03-20T16:31:12.808Z","orgId":"f23511db-6c3e-4e32-a477-6aa17d310630","shortName":"TPLink"},"references":[{"tags":["patch"],"url":"https://www.tp-link.com/en/support/download/archer-ax53/v1/#Firmware"},{"tags":["vendor-advisory"],"url":"https://www.tp-link.com/us/support/faq/5025/"}],"source":{"discovery":"UNKNOWN"},"title":"Authenticated Command Injection in mcsd Service of TP-Link Archer AX53","x_generator":{"engine":"Vulnogram 1.0.0"}}},"cveMetadata":{"assignerOrgId":"f23511db-6c3e-4e32-a477-6aa17d310630","assignerShortName":"TPLink","cveId":"CVE-2025-15607","datePublished":"2026-03-20T16:31:12.808Z","dateReserved":"2026-03-10T17:11:14.041Z","dateUpdated":"2026-03-23T13:01:13.613Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2026-03-20 17:16:40","lastModifiedDate":"2026-04-02 20:53:50","problem_types":["CWE-77","CWE-77 CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')"],"metrics":{"cvssMetricV40":[{"source":"f23511db-6c3e-4e32-a477-6aa17d310630","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:A/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.3,"baseSeverity":"HIGH","attackVector":"ADJACENT","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"HIGH","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"LOW","subIntegrityImpact":"LOW","subAvailabilityImpact":"LOW","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:tp-link:archer_ax53_firmware:1.0:*:*:*:*:*:*:*","matchCriteriaId":"8C762E60-933C-4B61-84D1-0A6FE4D5E08E"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:tp-link:archer_ax53:-:*:*:*:*:*:*:*","matchCriteriaId":"394AAF99-8784-4872-8EED-A12B97C575E4"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2025","CveId":"15607","Ordinal":"1","Title":"Authenticated Command Injection in mcsd Service of TP-Link Arche","CVE":"CVE-2025-15607","Year":"2025"},"notes":[{"CveYear":"2025","CveId":"15607","Ordinal":"1","NoteData":"A command injection vulnerability on AX53 v1 occurs in mscd debug functionality due to insufficient input handling, allowing log redirection to arbitrary files and concatenation of unvalidated file content into shell commands, enabling authenticated attackers to inject and execute arbitrary commands.  Successful exploitation may allow execution of malicious commands and ultimately full control of the device.","Type":"Description","Title":"Authenticated Command Injection in mcsd Service of TP-Link Arche"}]}}}