SB20260325142 - Multiple vulnerabilities in TP-Link Archer routers
Published: March 25, 2026
Description
This security bulletin contains information about 4 security vulnerabilities.
1) Improper Authentication (CVE-ID: CVE-2025-15517)
The vulnerability allows a remote attacker to perform privileged HTTP actions without authentication, including firmware upload and configuration operations.
The vulnerability exists due to improper access control in the HTTP server when handling requests to certain CGI endpoints. A remote attacker can send a specially crafted request to perform privileged HTTP actions without authentication, including firmware upload and configuration operations.
2) Use of Hard-coded Cryptographic Key (CVE-ID: CVE-2025-15605)
The vulnerability allows a remote user to decrypt configuration files, modify them and re-encrypt them, affecting confidentiality and integrity of device configuration data.
The vulnerability exists due to a hardcoded cryptographic key in the configuration encryption mechanism when processing configuration data. A remote user can exploit the static key to decrypt configuration files, modify them and re-encrypt them, affecting confidentiality and integrity of device configuration data.
3) Command injection (CVE-ID: CVE-2025-15518)
The vulnerability allows a remote user to execute arbitrary commands on the operating system, impacting confidentiality, integrity and availability of the device.
The vulnerability exists due to improper input handling in the wireless control CLI command when parsing user input. A remote user can provide crafted input to execute arbitrary commands on the operating system, impacting confidentiality, integrity and availability of the device.
4) Command injection (CVE-ID: CVE-2025-15519)
The vulnerability allows a remote user to execute arbitrary commands on the operating system, impacting confidentiality, integrity and availability of the device.
The vulnerability exists due to improper input handling in the modem management CLI command when parsing user input. A remote user can provide crafted input to execute arbitrary commands on the operating system, impacting confidentiality, integrity and availability of the device.
Remediation
Install the update from the vendor's website.