TP-Link Archer NX routers vulnerable to firmware takeover
Publish Date: 2026-03-25 11:24:00
Source Domain: securityaffairs.com
Patch now: TP-Link Archer NX routers vulnerable to firmware takeover
Pierluigi Paganini
March 25, 2026

TP-Link patched a high severity flaw (CVE-2025-15517) in Archer NX routers that could let attackers bypass authentication and install malicious firmware.
TP-Link issued security updates for its Archer NX router series to fix multiple vulnerabilities, including CVE-2025-15517 (CVSS score of 8.6), a critical authentication bypass flaw. The vulnerability impacts multiple models, including NX200, NX210, NX500, and NX600. The flaw allows attackers to upload new firmware without privileges, creating a high risk of compromise if unpatched.
“A missing authentication check in the HTTP server to certain cgi endpoints allows unauthenticated access intended for authenticated users,” reads the advisory. “An attacker may perform privileged HTTP actions without authentication, including firmware upload and configuration operations.”
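The bug class the advisory describes, as an added example (not TP-Link's code and not part of the original article): a dispatcher that leaves the session check to each CGI handler, next to one that enforces it centrally before any handler runs. The route paths and the `handler_checks_session` flag are hypothetical, constructed for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed route table; paths are hypothetical, not taken from TP-Link firmware. */
struct route {
    const char *path;
    bool is_public;              /* reachable without a session by design */
    bool handler_checks_session; /* does the handler remember its own check? */
};

static const struct route ROUTES[] = {
    { "/cgi/login",           true,  false },
    { "/cgi/status",          false, true  },
    { "/cgi/config_restore",  false, true  },
    { "/cgi/firmware_upload", false, false }, /* check forgotten in the handler */
};

static const struct route *find_route(const char *path) {
    for (size_t i = 0; i < sizeof ROUTES / sizeof ROUTES[0]; i++)
        if (strcmp(ROUTES[i].path, path) == 0)
            return &ROUTES[i];
    return NULL;
}

/* Weak pattern: the dispatcher trusts each handler to enforce its own check. */
int weak_dispatch(const char *path, bool has_session) {
    const struct route *r = find_route(path);
    if (r == NULL) return 404;
    if (r->handler_checks_session && !has_session) return 401;
    return 200; /* handler runs */
}

/* Hardened pattern: one central gate, deny by default, before any handler. */
int hardened_dispatch(const char *path, bool has_session) {
    const struct route *r = find_route(path);
    if (r == NULL) return 404;
    if (!r->is_public && !has_session) return 401; /* independent of the handler */
    return 200;
}

int main(void) {
    const char *p = "/cgi/firmware_upload";
    printf("weak=%d hardened=%d\n", weak_dispatch(p, false), hardened_dispatch(p, false));
    return 0;
}
```

With the central gate, a handler that omits its own check is still unreachable without a session, so the omission no longer decides access.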
TP-Link also removed a hardcoded cryptographic key in the configuration encryption mechanism, tracked as CVE-2025-15605 (CVSS score of 8.5). The vulnerability allowed authenticated attackers to decrypt configuration files, modify them, and re-encrypt them.
“A hardcoded cryptographic key within its configuration mechanism enables decryption and re-encryption of device configuration data,” reads the advisory. “An authenticated attacker may decrypt configuration files, modify them and re-encrypt them, affecting confidentiality and integrity of device configuration data.”
Below is the list of impacted products/versions and related fixes:
| Affected Product | Affected Hardware Versions / Firmware Versions |
| --- | --- |
| Archer NX600 | • v3.0: • v2.0: • v1.0: |
| Archer NX500 | • v2.0: • v1.0: |
| Archer NX210 | • v3.0: • v2.0 & v2.20: |
| Archer NX200 | • v3.0: • v2.20: • v2.0: • v1.0: |
The vendor urges customers to download and install the latest firmware version to address…