CVE-2025-15517

Published Mar 23, 2026

Last updated 3 days ago

CVSS high 8.6

Overview

Description
A missing authentication check in the HTTP server on TP-Link Archer NX200, NX210, NX500 and NX600 to certain cgi endpoints allows unauthenticated access intended for authenticated users. An attacker may perform privileged HTTP actions without authentication, including firmware upload and configuration operations.
Source
f23511db-6c3e-4e32-a477-6aa17d310630
NVD status
Awaiting Analysis

Risk scores

CVSS 4.0

Type
Secondary
Base score
8.6
Impact score
-
Exploitability score
-
Vector string
CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Severity
HIGH

Weaknesses

f23511db-6c3e-4e32-a477-6aa17d310630
CWE-306

Social media

Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.

Hype score

5

  1. TP-Link warns users to patch critical router auth bypass flaw (CVE-2025-15517) via @BleepinComputer #Proficio #ThreatNews #Cybersecurity #MSSP #MDR https://t.co/2Bzl6QHk7o

    @proficioinc

    27 Mar 2026

    32 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. TP-Linkが無線LANルータArcher NXシリーズの乗っ取りが可能な脆弱性を修正。CVE-2025-15517は管理画面の一部CGIエンドポイントにおける認証の欠如。ハードコードされた暗号鍵CVE-2025-15605、adminからのコマンドインジェ

    @__kokumoto

    26 Mar 2026

    854 Impressions

    2 Retweets

    6 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. https://t.co/cL9b1jNdIk TP-LinkのArcher NXルーターに認証バイパスなど重大な脆弱性(CVE-2025-15517等)が見つかりました。悪用されると端末を乗っ取られる恐れがありますよ。該当機種の方は至急ファームウェアの更新

    @Anti_Ch_PCgc

    26 Mar 2026

    145 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. TP-Link、認証バイパスの重大な脆弱性にパッチ(CVE-2025-15517他) | Codebook|Security News https://t.co/YMadgpKm5T

    @ohhara_shiojiri

    26 Mar 2026

    139 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  5. 🩹TP-Link、認証バイパスの重大な脆弱性にパッチ(CVE-2025-15517他) 🇬🇷有罪判決受けたスパイウェアメーカーIntellexaの創設者、複数の電話盗聴にギリシャ政府が関与していたと示唆 〜サイバーアラート3月26

    @MachinaRecord

    26 Mar 2026

    260 Impressions

    0 Retweets

    1 Like

    1 Bookmark

    0 Replies

    0 Quotes

  6. Falha de segurança em roteadores TP-Link: CVE-2025-15517 permite invasão sem senha https://t.co/W0zjU4dCJR

    @SempreUpdate

    25 Mar 2026

    146 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  7. TP-Link patches CVE-2025-15517 (CVSS 8.6) in Archer NX routers - unauthenticated attackers can upload arbitrary firmware via missing auth check on HTTP endpoints. If you run NX200/210/500/600, patch immediately. https://t.co/Ge3UPCEnxU #infosec #IoT #vulnerability

    @CyberDaily_News

    25 Mar 2026

    133 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  8. TP-Link patched critical auth-bypass flaw (CVE-2025-15517) in Archer NX routers allowing unauthenticated firmware upload and full device takeover; additional hardcoded key and command injection bugs also fixed. Patch immediately. #CyberSecurity #Vulnerability #Routers #TPLink

    @VivekIntel

    25 Mar 2026

    130 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  9. TP-Link released firmware updates for Archer NX200, NX210, NX500, and NX600 routers to fix critical authentication bypass (CVE-2025-15517), remove hardcoded cryptographic keys, and patch command injection flaws. #TPLink #RouterFlaws #China https://t.co/2ONtJqzcqx

    @TweetThreatNews

    25 Mar 2026

    180 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  10. [Security Affairs] Patch now: TP-Link Archer NX routers vulnerable to firmware takeover. TP-Link patched a high severity flaw (CVE-2025-15517) in Archer NX routers that could let attackers bypass authentication and install malicious firmware. TP-Link... https://t.co/RD56ahlR40

    @shah_sheikh

    25 Mar 2026

    122 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  11. 🚨 TP-LINK ALERTA PARA FALHA CRÍTICA EM ROTEADORES ARCHER NX Vulnerabilidade CVE-2025-15517 permite bypass de autenticação e upload de firmware. Atacantes podem assumir controle total do dispositivo sem credenciais. Histórico da TP-Link inclui exploração por botnets co

    @EloViral

    25 Mar 2026

    107 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  12. BREAKING: TP-Link patches critical CVE-2025-15517 in Archer NX200, NX210, NX500, NX600 routers that allowed unauthenticated firmware uploads. https://t.co/yuoWUESeLq

    @threatcluster

    25 Mar 2026

    126 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

References

Sources include official advisories and independent security research.