Multiple Vulnerabilities in TP-Link Devices Enable Arbitrary Command Execution

TP-Link disclosed a critical security advisory revealing four high-severity vulnerabilities impacting its Archer NX200, NX210, NX500, and NX600 router series.

These flaws, if exploited, allow threat actors to bypass authentication, execute arbitrary operating system commands, or manipulate sensitive configuration files.

Vulnerability Details

The advisory identifies a combination of authorization bypass, command injection, and cryptographic weaknesses.

These vulnerabilities significantly threaten device confidentiality, integrity, and availability.

  • CVE-2025-15517 (CVSS 8.6): Authorization bypass in HTTP server endpoints, enabling unauthenticated attackers to perform privileged actions like firmware uploads or configuration changes.
  • CVE-2026-15518 (CVSS 8.5): Command injection flaw in the wireless control CLI, allowing authenticated admin users to inject and execute arbitrary OS commands.
  • CVE-2026-15519 (CVSS 8.5): Command injection vulnerability in the modem management CLI, similarly enabling OS command execution via malicious input.
  • CVE-2025-15605 (CVSS 8.5): Hardcoded cryptographic key exposure in the configuration mechanism, permitting authenticated attackers to decrypt, alter, and re-encrypt sensitive device configurations.

Affected Products

Users must apply firmware updates immediately to secure their networks. TP-Link states these specific router models are not sold in the US.

Ensure verification of your hardware version and application of the correct patch.

  • Archer NX600: Update hardware v1.0 to 1.4.0 Build 260311, v2.0 to 1.3.0 Build 260311, v3.0 to 1.3.0 Build 260309.
  • Archer NX500: Update hardware v1.0 to 1.3.0 Build 260311, v2.0 to 1.5.0 Build 260309.
  • Archer NX210: Update hardware v2.0 and v2.20 to 1.3.0 Build 260311, v3.0 to 1.3.0 Build 260309.
  • Archer NX200: Update hardware v1.0 to 1.8.0 Build 260311, v2.0 and v2.20 to 1.3.0 Build 260311, v3.0 to 1.3.0 Build 260309.

Mitigation Strategies

Network administrators and device owners must immediately verify current firmware versions against the provided hardware list.

TP-Link strongly advises downloading and applying the latest firmware updates directly from their official support portal to mitigate these risks.

Unpatched devices remain vulnerable to potential network hijacking, unauthorized configuration changes, and complete device takeover.

Related Articles

Back to top button
WeJl ltWW smqRD