CVE-2025-15517

Published Mar 23, 2026

Last updated a month ago

Overview

AI description

Automated description summarized from trusted sources.

CVE-2025-15517 describes an authorization bypass vulnerability found in the HTTP server of several TP-Link Archer NX series routers, specifically models NX200, NX210, NX500, and NX600. This flaw allows unauthenticated attackers to access certain CGI endpoints that are intended for authenticated users. By exploiting this missing authentication check, an attacker can perform privileged actions on the affected devices without needing to authenticate. These actions include, but are not limited to, uploading new firmware or modifying device configurations.

Description
A missing authentication check in the HTTP server on TP-Link Archer NX200, NX210, NX500 and NX600 allows unauthenticated access to certain CGI endpoints intended for authenticated users. An attacker may perform privileged HTTP actions without authentication, including firmware upload and configuration operations.
Source
f23511db-6c3e-4e32-a477-6aa17d310630
NVD status
Analyzed
Products
archer_nx600_firmware, archer_nx500_firmware, archer_nx210_firmware, archer_nx200_firmware

Risk scores

CVSS 4.0

Type
Secondary
Base score
8.6
Impact score
-
Exploitability score
-
Vector string
CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Severity
HIGH

CVSS 3.1

Type
Primary
Base score
8.1
Impact score
5.2
Exploitability score
2.8
Vector string
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Severity
HIGH

Weaknesses

f23511db-6c3e-4e32-a477-6aa17d310630
CWE-306

Social media

Hype score
Not currently trending
  1. ⚠️ Vulnerabilities in TP-Link products ❗ CVE-2025-15605 ❗ CVE-2025-15517 ➡️ More info: https://t.co/OaDCjfK46V https://t.co/rD5vC8mJ26

    @CERTpy

    6 Apr 2026

    200 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. CVE-2025-15517: TP-Link Archer routers allow unauthenticated firmware takeover. Your home network is your wealth perimeter. Sovereign Protocol: Replace foreign consumer routers immediately. Deploy enterprise-grade hardware. Segment networks. Verify firmware. #TheSovereignProtocol

    @sovereignexec

    28 Mar 2026

    66 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. TRC analysis shows attackers exploiting TP-Link router authentication bypass (CVE-2025-15517) to upload malicious firmware and bridge network boundaries. The compromised devices enable lateral movement across network segments, effectively bypassing perimeter controls.

    @aviatrixtrc

    27 Mar 2026

    129 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. TP-Link warns users to patch critical router auth bypass flaw (CVE-2025-15517) via @BleepinComputer #Proficio #ThreatNews #Cybersecurity #MSSP #MDR https://t.co/2Bzl6QHk7o

    @proficioinc

    27 Mar 2026

    158 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

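  5. TP-Link fixes vulnerabilities that allow takeover of its Archer NX series wireless LAN routers. CVE-2025-15517 is a lack of authentication on some CGI endpoints of the admin interface. Hardcoded cryptographic key CVE-2025-15605, admin-side command inje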

    @__kokumoto

    26 Mar 2026

    904 Impressions

    2 Retweets

    6 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

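  6. https://t.co/cL9b1jNdIk Serious vulnerabilities, including an authentication bypass (CVE-2025-15517 and others), have been found in TP-Link's Archer NX routers. If exploited, the device could be taken over. If you have an affected model, urgently update the firmware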

    @Anti_Ch_PCgc

    26 Mar 2026

    145 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  7. TP-Link patches critical authentication bypass vulnerability (CVE-2025-15517 and others) | Codebook|Security News https://t.co/YMadgpKm5T

    @ohhara_shiojiri

    26 Mar 2026

    139 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

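  8. 🩹TP-Link patches critical authentication bypass vulnerability (CVE-2025-15517 and others) 🇬🇷Convicted founder of spyware maker Intellexa suggests the Greek government was involved in multiple phone wiretaps 〜Cyber Alert March 26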

    @MachinaRecord

    26 Mar 2026

    260 Impressions

    0 Retweets

    1 Like

    1 Bookmark

    0 Replies

    0 Quotes

  9. Security flaw in TP-Link routers: CVE-2025-15517 allows intrusion without a password https://t.co/W0zjU4dCJR

    @SempreUpdate

    25 Mar 2026

    146 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  10. TP-Link patches CVE-2025-15517 (CVSS 8.6) in Archer NX routers - unauthenticated attackers can upload arbitrary firmware via missing auth check on HTTP endpoints. If you run NX200/210/500/600, patch immediately. https://t.co/Ge3UPCEnxU #infosec #IoT #vulnerability

    @CyberDaily_News

    25 Mar 2026

    133 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  11. TP-Link patched critical auth-bypass flaw (CVE-2025-15517) in Archer NX routers allowing unauthenticated firmware upload and full device takeover; additional hardcoded key and command injection bugs also fixed. Patch immediately. #CyberSecurity #Vulnerability #Routers #TPLink

    @VivekIntel

    25 Mar 2026

    130 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  12. TP-Link released firmware updates for Archer NX200, NX210, NX500, and NX600 routers to fix critical authentication bypass (CVE-2025-15517), remove hardcoded cryptographic keys, and patch command injection flaws. #TPLink #RouterFlaws #China https://t.co/2ONtJqzcqx

    @TweetThreatNews

    25 Mar 2026

    180 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  13. [Security Affairs] Patch now: TP-Link Archer NX routers vulnerable to firmware takeover. TP-Link patched a high severity flaw (CVE-2025-15517) in Archer NX routers that could let attackers bypass authentication and install malicious firmware. TP-Link... https://t.co/RD56ahlR40

    @shah_sheikh

    25 Mar 2026

    122 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  14. 🚨 TP-LINK WARNS OF CRITICAL FLAW IN ARCHER NX ROUTERS Vulnerability CVE-2025-15517 allows authentication bypass and firmware upload. Attackers can take full control of the device without credentials. TP-Link's history includes exploitation by botnets co

    @EloViral

    25 Mar 2026

    107 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  15. BREAKING: TP-Link patches critical CVE-2025-15517 in Archer NX200, NX210, NX500, NX600 routers that allowed unauthenticated firmware uploads. https://t.co/yuoWUESeLq

    @threatcluster

    25 Mar 2026

    126 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

Configurations