Improper Authentication in TP-Link products - CVE-2025-15517

 

Improper Authentication in TP-Link products - CVE-2025-15517

Published: March 25, 2026


Vulnerability identifier: #VU124532
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2025-15517
CWE-ID: CWE-287
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: TP-Link
Affected software:
Archer NX600
Archer NX500
Archer NX210
Archer NX200

Detailed vulnerability description

The vulnerability allows a remote attacker to perform privileged HTTP actions without authentication, including firmware upload and configuration operations.

The vulnerability exists due to improper access control in the HTTP server when handling requests to certain CGI endpoints. A remote attacker can send a specially crafted request to perform privileged HTTP actions without authentication, including firmware upload and configuration operations.


How to mitigate CVE-2025-15517

Install security update from vendor's website.

Sources