Multiple Vulnerabilities in TP-Link Devices Enable Arbitrary Command Execution
TP-Link disclosed a critical security advisory revealing four high-severity vulnerabilities impacting its Archer NX200, NX210, NX500, and NX600 router series.
These flaws, if exploited, allow threat actors to bypass authentication, execute arbitrary operating system commands, or manipulate sensitive configuration files.
Vulnerability Details
The advisory identifies a combination of authorization bypass, command injection, and cryptographic weaknesses.
These vulnerabilities significantly threaten device confidentiality, integrity, and availability.
- CVE-2025-15517 (CVSS 8.6): Authorization bypass in HTTP server endpoints, enabling unauthenticated attackers to perform privileged actions like firmware uploads or configuration changes.
- CVE-2026-15518 (CVSS 8.5): Command injection flaw in the wireless control CLI, allowing authenticated admin users to inject and execute arbitrary OS commands.
- CVE-2026-15519 (CVSS 8.5): Command injection vulnerability in the modem management CLI, similarly enabling OS command execution via malicious input.
- CVE-2025-15605 (CVSS 8.5): Hardcoded cryptographic key exposure in the configuration mechanism, permitting authenticated attackers to decrypt, alter, and re-encrypt sensitive device configurations.
Affected Products
Users must apply firmware updates immediately to secure their networks. TP-Link states these specific router models are not sold in the US.
Ensure verification of your hardware version and application of the correct patch.
- Archer NX600: Update hardware v1.0 to 1.4.0 Build 260311, v2.0 to 1.3.0 Build 260311, v3.0 to 1.3.0 Build 260309.
- Archer NX500: Update hardware v1.0 to 1.3.0 Build 260311, v2.0 to 1.5.0 Build 260309.
- Archer NX210: Update hardware v2.0 and v2.20 to 1.3.0 Build 260311, v3.0 to 1.3.0 Build 260309.
- Archer NX200: Update hardware v1.0 to 1.8.0 Build 260311, v2.0 and v2.20 to 1.3.0 Build 260311, v3.0 to 1.3.0 Build 260309.
Mitigation Strategies
Network administrators and device owners must immediately verify current firmware versions against the provided hardware list.
TP-Link strongly advises downloading and applying the latest firmware updates directly from their official support portal to mitigate these risks.
Unpatched devices remain vulnerable to potential network hijacking, unauthorized configuration changes, and complete device takeover.