Critical TP-Link Router Flaw Allows Full Device Takeover
Security researchers have detailed a critical remote code execution vulnerability (CVE-2025-9961) in the management protocol of certain TP-Link routers. The flaw stems from a stack-based buffer overflow that can be triggered by specially crafted requests, allowing an attacker to hijack the device's execution flow. To exploit it, the researchers developed a complex attack chain that involved downgrading the firmware, building a custom server to deliver the payload, and brute-forcing memory protections. Their proof-of-concept bypassed existing mitigations with a ret2libc technique, ultimately deploying a reverse shell and gaining complete control over the router. The device manufacturer has since released firmware updates to address the vulnerability, and users are urged to apply them immediately.