#VU124533 Command injection in TP-Link products - CVE-2025-15518

 


Published: March 25, 2026


Vulnerability identifier: #VU124533
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2025-15518
CWE-ID: CWE-77
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software:
Archer NX600
Archer NX500
Archer NX210
Archer NX200
Software vendor:
TP-Link

Description

The vulnerability allows a remote user to execute arbitrary commands on the operating system, impacting confidentiality, integrity and availability of the device.

The vulnerability exists due to improper handling of user input by the wireless control CLI command. A remote user can supply crafted input to execute arbitrary commands on the operating system.


Remediation

Install the security update from the vendor's website.
