Description
A command injection vulnerability on AX53 v1 occurs in mscd debug functionality due to insufficient input handling, allowing log redirection to arbitrary files and concatenation of unvalidated file content into shell commands, enabling authenticated attackers to inject and execute arbitrary commands. Successful exploitation may allow execution of malicious commands and ultimately full control of the device.
Published: 2026-03-20
Score: 7.3 High
EPSS: 2.0% Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

An authenticated command injection flaw exists in the mscd debug functionality of TP‑Link Archer AX53 v1. The flaw arises because the service does not properly validate input used for log redirection and for concatenating file contents into shell commands. An attacker who can authenticate to the service can craft requests that cause the router to execute arbitrary shell commands. Successful exploitation can lead to the attacker running malicious code and potentially taking full control of the device, compromising confidentiality, integrity, and availability.

Affected Systems

TP‑Link Systems Inc. Archer AX53 router, firmware version 1.0 (v1). No other versions are listed as affected.

Risk and Exploitability

The CVSS score of 7.3 indicates a high severity vulnerability, while the EPSS score of 2% suggests that exploitation is relatively unlikely at this time. The flaw is not listed in CISA’s KEV catalog. Exploitation requires the attacker to have valid credentials to the device or to otherwise authenticate to the mscd service, after which the attack can be performed over the network. Because the flaw allows arbitrary command execution, the risk profile is significant if the device is exposed.

Generated by OpenCVE AI on June 18, 2026 at 04:25 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Block or restrict access to the mscd debug interface and enforce authentication to mitigate risk of command injection (CWE‑77).
  • Enforce strict input validation and proper escaping for any parameters that influence shell commands to prevent command injection (CWE‑77).
  • Monitor the device’s logs for unexpected command executions or suspicious activity associated with the mscd service.

Advisories

No advisories yet.

History

Thu, 02 Apr 2026 21:45:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared | | Tp-link archer Ax53, Tp-link archer Ax53 Firmware |
| CPEs | | cpe:2.3:h:tp-link:archer_ax53:-:*:*:*:*:*:*:*, cpe:2.3:o:tp-link:archer_ax53_firmware:1.0:*:*:*:*:*:*:* |
| Vendors & Products | | Tp-link archer Ax53, Tp-link archer Ax53 Firmware |
| Metrics | | cvssV3_1: {'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'} |


Mon, 23 Mar 2026 13:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Metrics | | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'} |


Mon, 23 Mar 2026 10:00:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared | | Tp-link, Tp-link ax53 V1 |
| Vendors & Products | | Tp-link, Tp-link ax53 V1 |

Fri, 20 Mar 2026 16:45:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | A command injection vulnerability on AX53 v1 occurs in mscd debug functionality due to insufficient input handling, allowing log redirection to arbitrary files and concatenation of unvalidated file content into shell commands, enabling authenticated attackers to inject and execute arbitrary commands. Successful exploitation may allow execution of malicious commands and ultimately full control of the device. |
| Title | | Authenticated Command Injection in mcsd Service of TP-Link Archer AX53 |
| Weaknesses | | CWE-77 |
| References | | |
| Metrics | | cvssV4_0: {'score': 7.3, 'vector': 'CVSS:4.0/AV:A/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L'} |


MITRE

Status: PUBLISHED

Assigner: TPLink

Published:

Updated: 2026-03-23T13:01:13.613Z

Reserved: 2026-03-10T17:11:14.041Z

Link: CVE-2025-15607

Vulnrichment

Updated: 2026-03-23T13:01:10.503Z

NVD

Status: Analyzed

Published: 2026-03-20T17:16:40.123

Modified: 2026-06-17T08:38:06.587

Link: CVE-2025-15607

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-18T04:30:16Z

Weaknesses
  • CWE-77

    Improper Neutralization of Special Elements used in a Command ('Command Injection')