Find notable cyber news and cases, enriched with sources, timelines, and signals.
Home Browse News Feed Stats Watchlists Beta About Contact

TP-Link security patch release for CVE-2025-15517

Security Patch Release
First reported
Last updated
Happening score
H score 43
1 unique sources, 1 articles

Summary

Hide ▲

TP-Link released security updates for its Archer NX router series to close a critical authentication-bypass flaw that could let attackers upload firmware without logging in. The update scope includes CVE-2025-15517 plus CVE-2025-15605 and two command injection bugs affecting NX200, NX210, NX500, and NX600 models. Owners were urged to install the latest firmware version to reduce the risk of unauthorized configuration changes and device compromise.

Related Happenings

Cisco Secure Workload REST API patch release (CVE-2026-20223)

Security Patch Release
First: 22.05.2026 08:36 Last: 22.05.2026 08:36 Sources 1

About this happening: Cisco patched **CVE-2026-20223**, a **CVSS 10.0** Secure Workload REST API flaw that could expose sensitive data and allow configuration changes across tenant boundaries. The upda...

Open Happening

Ivanti security patch release for CVE-2026-8043

Security Patch Release
First: 18.05.2026 13:54 Last: 18.05.2026 13:54 Sources 1

About this happening: **Ivanti, Fortinet, SAP, Broadcom, and n8n** released **security fixes** on **2026-05-18** for flaws that could enable **authentication bypass**, **remote code execution**, **SQL...

Open Happening

Avada Builder 3.15.3 patch release (CVE-2026-4782, CVE-2026-4798)

Security Patch Release
First: 15.05.2026 18:56 Last: 15.05.2026 18:56 Sources 1

About this happening: **Avada Builder** shipped **version 3.15.3** as the full fix for **CVE-2026-4782** and **CVE-2026-4798**, closing the plugin flaws that could expose files and database data. A pri...

Open Happening

Cisco security patch release for CVE-2026-20182

Security Patch Release
First: 14.05.2026 20:45 Last: 14.05.2026 20:45 Sources 1

About this happening: Cisco released **updates** for **CVE-2026-20182**, a **maximum-severity authentication bypass** in **Catalyst SD-WAN Controller/Manager**, after the flaw was **exploited in limite...

Open Happening

NGINX rewrite-rule workaround for CVE-2026-42945

Advisory/Mitigation
First: 14.05.2026 18:43 Last: 14.05.2026 18:43 Sources 1

About this happening: **F5** issued a **workaround** for vulnerable **NGINX rewrite rules**, reducing exposure to **CVE-2026-42945** for operators who cannot upgrade immediately. The guidance replaces...

Open Happening

Timeline

  1. 25.03.2026 13:11 2 articles · 2mo ago

    TP-Link releases Archer NX firmware updates

    Mitigation Patch Update

    TP-Link released security updates for the Archer NX router series to fix CVE-2025-15517, a critical missing-authentication flaw in the HTTP server to certain cgi endpoints that could let an attacker perform privileged HTTP actions without authentication, including firmware upload and configuration operations. The same update set also removed a hardcoded cryptographic key in CVE-2025-15605 and patched two command injection vulnerabilities, CVE-2025-15518 and CVE-2025-15519, affecting Archer NX200, NX210, NX500, and NX600 devices, and customers were urged to install the latest firmware version.

    Show sources
    Open in new tab