TP-Link patched a high severity flaw (CVE-2025-15517) in Archer NX routers that could let attackers bypass authentication and install malicious firmware. TP-Link issued security updates for its Archer NX router series to fix multiple vulnerabilities, including CVE-2025-15517 (CVSS score of 8.6), a critical authentication bypass flaw. The vulnerability impacts multiple models, including NX200, NX210, NX500, […] TP-Link patched a high severity flaw (CVE-2025-15517) in Archer NX routers that could let attackers bypass authentication and install malicious firmware. TP-Link issued security updates for its Archer NX router series to fix multiple vulnerabilities, including CVE-2025-15517 (CVSS score of 8.6), a critical authentication bypass flaw. The vulnerability impacts multiple models, including NX200, NX210, NX500, and NX600. The flaw allows attackers to upload new firmware without privileges, creating a high risk of compromise if unpatched. “A missing authentication check in the HTTP server to certain cgi endpoints allows unauthenticated access intended for authenticated users.” reads the advisory. “An attacker may perform privileged HTTP actions without authentication, including firmware upload and configuration operations.” TP-Link also removed a hardcoded cryptographic key in Configuration Encryption Mechanism, tracked as CVE-2025-15605 (CVSS score of 8.5). The vulnerability allowed authenticated attackers to decrypt configuration files, modify them, and re-encrypt them. “A hardcoded cryptographic key within its configuration mechanism enables decryption and re-encryption of device configuration data.” reads the advisory. “An authenticated attacker may decrypt configuration files, modify them and re-encrypt them, affecting confidentiality and integrity of device configuration data.” Below is the list of impacted products/versions and related fixes: Affected ProductAffected Hardware Versions / Firmware VersionsArcher NX600 v3.0: < 1.3.0 Build 260309 v2.0: < 1.3.0 Build 260311 v1.0: < 1.4.0 Build 260311Archer NX500 v2.0: < 1.5.0 Build 260309 v1.0: < 1.3.0 Build 260311Archer NX210 v3.0: < 1.3.0 Build 260309 v2.0 & v2.20: < 1.3.0 Build 260311Archer NX200 v3.0: < 1.3.0 Build 260309 v2.20: < 1.3.0 Build 260311 v2.0: < 1.3.0 Build 260311 v1.0: < 1.8.0 Build 260311 The vendor urges customers to download and install the latest firmware version to address these issues. In September 2025, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added TP-Link Archer C7(EU) and TL-WR841N flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the descriptions for these flaws: CVE-2025-9377 (CVSS score of 8.6) TP-Link Archer C7(EU) and TL-WR841N/ND(MS) OS Command Injection Vulnerability CVE-2023-50224 (CVSS score of 6.5) TP-Link TL-WR841N Authentication Bypass by Spoofing Vulnerability This week, the U.S. FCC announced a ban on importing new foreign-made consumer routers, citing unacceptable cyber and national security risks. The decision, backed by Executive Branch assessments, means such devices can no longer be sold or marketed in the U.S. unless they receive special approval. Routers will be added to the Covered List, with exceptions only for those cleared by the Department of Homeland Security or defense authorities after the Department of Homeland Security or defense authorities verify they pose no threat to communications networks. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini (SecurityAffairs hacking, Archer NX)
Published: 2026-03-25T14:44:41