Description
A command injection vulnerability on AX53 v1 occurs in mscd debug functionality due to insufficient input handling, allowing log redirection to arbitrary files and concatenation of unvalidated file content into shell commands, enabling authenticated attackers to inject and execute arbitrary commands. Successful exploitation may allow execution of malicious commands and ultimately full control of the device.
Published: 2026-03-20
Score: 7.3 High
EPSS: < 1% Very Low
KEV: No
Impact: Remote Command Execution
Action: Apply Patch
AI Analysis

Impact

An authenticated command injection flaw exists in the mscd debug functionality of TP‑Link Archer AX53 v1. The flaw arises because the service does not properly validate input used for log redirection and for concatenating file contents into shell commands. An attacker who can authenticate to the service can craft requests that cause the router to execute arbitrary shell commands. Successful exploitation can lead to the attacker running malicious code and potentially taking full control of the device, compromising confidentiality, integrity, and availability.

Affected Systems

TP‑Link Systems Inc. Archer AX53 router, firmware version 1.0 (v1). No other versions are listed as affected.

Risk and Exploitability

The CVSS score of 7.3 indicates a high severity vulnerability, while the EPSS value is below 1%, suggesting that exploitation is unlikely to be widespread at present. The flaw is not listed in CISA’s KEV catalog. Exploitation requires the attacker to have valid credentials to the device or to otherwise authenticate to the mscd service, after which the attack can be performed over the network. Because the flaw allows arbitrary command execution, the risk profile is significant if the device is exposed.

Generated by OpenCVE AI on April 3, 2026 at 00:24 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the router to the latest TP‑Link firmware that resolves this vulnerability.
  • If a firmware update is not available, disable or restrict access to the mscd debug interface by blocking the relevant management ports or disabling remote management features.
  • Monitor the device’s logs for signs of attempted command injection or other suspicious activity.
  • Maintain strong, unique credentials for all device management interfaces and rotate them regularly.

Advisories

No advisories yet.

History

Thu, 02 Apr 2026 21:45:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Tp-link archer Ax53; Tp-link archer Ax53 Firmware
CPEs | | cpe:2.3:h:tp-link:archer_ax53:-:*:*:*:*:*:*:*; cpe:2.3:o:tp-link:archer_ax53_firmware:1.0:*:*:*:*:*:*:*
Vendors & Products | | Tp-link archer Ax53; Tp-link archer Ax53 Firmware
Metrics | | cvssV3_1: {'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}


Mon, 23 Mar 2026 13:15:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Mon, 23 Mar 2026 10:00:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Tp-link; Tp-link ax53 V1
Vendors & Products | | Tp-link; Tp-link ax53 V1

Fri, 20 Mar 2026 16:45:00 +0000

Type | Values Removed | Values Added
Description | | A command injection vulnerability on AX53 v1 occurs in mscd debug functionality due to insufficient input handling, allowing log redirection to arbitrary files and concatenation of unvalidated file content into shell commands, enabling authenticated attackers to inject and execute arbitrary commands. Successful exploitation may allow execution of malicious commands and ultimately full control of the device.
Title | | Authenticated Command Injection in mcsd Service of TP-Link Archer AX53
Weaknesses | | CWE-77
References | |
Metrics | | cvssV4_0: {'score': 7.3, 'vector': 'CVSS:4.0/AV:A/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L'}


MITRE

Status: PUBLISHED

Assigner: TPLink

Published:

Updated: 2026-03-23T13:01:13.613Z

Reserved: 2026-03-10T17:11:14.041Z

Link: CVE-2025-15607

Vulnrichment

Updated: 2026-03-23T13:01:10.503Z

NVD

Status: Analyzed

Published: 2026-03-20T17:16:40.123

Modified: 2026-04-02T20:53:50.533

Link: CVE-2025-15607

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-03T09:39:19Z

Weaknesses