#VU124534 Command injection in TP-Link products - CVE-2025-15519
Published: March 25, 2026
Vulnerability identifier: #VU124534
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2025-15519
CWE-ID: CWE-77
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
Archer NX600
Archer NX500
Archer NX210
Archer NX200
Archer NX600
Archer NX500
Archer NX210
Archer NX200
Software vendor:
TP-Link
TP-Link
Description
The vulnerability allows a remote user to execute arbitrary commands on the operating system, impacting confidentiality, integrity and availability of the device.
The vulnerability exists due to improper input handling in the modem management CLI command when parsing user input. A remote user can provide crafted input to execute arbitrary commands on the operating system, impacting confidentiality, integrity and availability of the device.
Remediation
Install security update from vendor's website.