
Critical authentication bypass and command injection vulnerabilities patched in TP-Link Archer NX series routers

1 unique source, 1 article

Summary


TP-Link has released critical security updates for multiple Archer NX series wireless routers to address authentication bypass, command injection, and hardcoded key vulnerabilities. The most severe flaw (CVE-2025-15517) allows unauthenticated attackers to bypass authentication and upload malicious firmware or modify configurations. Additional issues include a hardcoded cryptographic key enabling configuration file decryption and modification (CVE-2025-15605), and two command injection vulnerabilities (CVE-2025-15518, CVE-2025-15519) permitting arbitrary code execution with admin privileges. Users are strongly advised to apply patches immediately due to active exploitation risks and prior incidents of delayed patching affecting similar models.

Timeline

  1. 25.03.2026 13:11 · 1 article

    TP-Link patches CVE-2025-15517 and related flaws in Archer NX series routers

    TP-Link released firmware updates addressing CVE-2025-15517 (authentication bypass), CVE-2025-15605 (hardcoded key), and CVE-2025-15518/CVE-2025-15519 (command injection) in Archer NX200, NX210, NX500, and NX600 routers. The updates prevent unauthenticated privilege escalation, configuration file manipulation, and arbitrary command execution. Users are urged to apply patches immediately due to active exploitation risks and historical delays in patch deployment.


Information Snippets

  • CVE-2025-15517 is a critical authentication bypass flaw in TP-Link Archer NX200, NX210, NX500, and NX600 routers, enabling unauthenticated privilege escalation and privileged HTTP actions such as firmware upload and configuration changes.

    First reported: 25.03.2026 13:11
    1 source, 1 article
  • CVE-2025-15605 involves a hardcoded cryptographic key in the configuration mechanism, allowing authenticated attackers to decrypt, modify, and re-encrypt configuration files.

    First reported: 25.03.2026 13:11
    1 source, 1 article
  • CVE-2025-15518 and CVE-2025-15519 are command injection vulnerabilities that permit authenticated administrators to execute arbitrary commands on affected devices.

    First reported: 25.03.2026 13:11
    1 source, 1 article
  • TP-Link released firmware updates addressing these vulnerabilities and strongly recommends immediate installation to mitigate exploitation risks.

    First reported: 25.03.2026 13:11
    1 source, 1 article
  • In September 2025, CISA added two TP-Link flaws (CVE-2023-50224 and CVE-2025-9377) to its Known Exploited Vulnerabilities catalog, with the Quad7 botnet exploiting them to compromise vulnerable routers.

    First reported: 25.03.2026 13:11
    1 source, 1 article
  • TP-Link previously faced criticism for delayed patching of a 2024 zero-day vulnerability, which allowed traffic interception, DNS manipulation, and web session injection attacks.

    First reported: 25.03.2026 13:11
    1 source, 1 article
  • CISA has flagged six TP-Link vulnerabilities as exploited in attacks, including a legacy 2015 directory traversal flaw (CVE-2015-3035) affecting multiple Archer devices.

    First reported: 25.03.2026 13:11
    1 source, 1 article