CVE-2025-15605

Published Mar 23, 2026

Last updated a month ago

CVSS high 8.5
Firmware

Overview

AI description

Automated description summarized from trusted sources.

CVE-2025-15605 describes a vulnerability found in several TP-Link Archer NX series routers, specifically the NX200, NX210, NX500, and NX600 models. This flaw stems from a hardcoded cryptographic key embedded within the devices' configuration mechanism. An authenticated attacker can exploit this hardcoded key to decrypt configuration files, make unauthorized modifications, and then re-encrypt them. This capability compromises the confidentiality and integrity of the router's configuration data.

Description
A hardcoded cryptographic key within the configuration mechanism on TP-Link Archer NX200, NX210, NX500 and NX600 enables decryption and re-encryption of device configuration data. An authenticated attacker may decrypt configuration files, modify them, and re-encrypt them, affecting the confidentiality and integrity of device configuration data.
Source
f23511db-6c3e-4e32-a477-6aa17d310630
NVD status
Analyzed
Products
archer_nx600_firmware, archer_nx500_firmware, archer_nx210_firmware, archer_nx200_firmware

Risk scores

CVSS 4.0

Type
Secondary
Base score
8.5
Impact score
-
Exploitability score
-
Vector string
CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Severity
HIGH

CVSS 3.1

Type
Primary
Base score
7.3
Impact score
5.2
Exploitability score
2.1
Vector string
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Severity
HIGH

Weaknesses

f23511db-6c3e-4e32-a477-6aa17d310630
CWE-321
nvd@nist.gov
CWE-798

Social media

Hype score
Not currently trending

  1. ⚠️ Vulnerabilidades en productos TP-Link ❗ CVE-2025-15605 ❗ CVE-2025-15517 ➡️ Más info: https://t.co/OaDCjfK46V https://t.co/rD5vC8mJ26

    @CERTpy

    6 Apr 2026

    200 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. TP-Link has released patches for CVE-2025-15519 and CVE-2025-15605 https://t.co/rz6s1oivyg via @HostingTech https://t.co/aDE11pQXuv

    @HostingTechNet

    28 Mar 2026

    98 Impressions

    0 Retweets

    3 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. TP-Linkが無線LANルータArcher NXシリーズの乗っ取りが可能な脆弱性を修正。CVE-2025-15517は管理画面の一部CGIエンドポイントにおける認証の欠如。ハードコードされた暗号鍵CVE-2025-15605、adminからのコマンドインジェ

    @__kokumoto

    26 Mar 2026

    904 Impressions

    2 Retweets

    6 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

Configurations

Related CVEs

  1. In the Linux kernel, the following vulnerability has been resolved: comedi: me_daq: Fix potential overrun of firmware buffer `me2600_xilinx_download()` loads the firmware that was requested by `request_firmware()`. It is possible for it to overrun the source buffer because it blindly trusts the file format. It reads a data stream length from the first 4 bytes into variable `file_length` and reads the data stream contents of length `file_length` from offset 16 onwards. Although it checks that the supplied firmware is at least 16 bytes long, it does not check that it is long enough to contain the data stream. Add a test to ensure that the supplied firmware is long enough to contain the header and the data stream. On failure, log an error and return `-EINVAL`.CVE-2026-31748
  2. Penetration Testing engineers at Amazon have discovered a flaw where the camera system fails to properly handle data supplied in certain requests, causing a service disruption. The manufacturer has released patch firmware for the flaw, please refer to the manufacturer's report for details and workarounds.CVE-2024-54011
  3. A vulnerability in SenseLive X3050’s remote management service allows firmware retrieval and update operations to be performed without authentication or authorization. The service accepts firmware-related requests from any reachable host and does not verify user privileges, integrity of uploaded images, or the authenticity of provided firmware.CVE-2026-25775
  4. The Semtech LR11xx LoRa transceivers running early versions of firmware contains an information disclosure vulnerability in its firmware validation functionality. When a host issues a firmware validity check command via the SPI interface, the device decrypts the provided encrypted firmware package block-by-block to validate its integrity. However, the last decrypted firmware block remains uncleared in memory after the validation process completes. An attacker with access to the SPI interface can subsequently issue memory read commands to retrieve the decrypted firmware contents from this residual memory, effectively bypassing the firmware encryption protection mechanism. The attack requires physical access to the device's SPI interface.CVE-2025-14858
  5. Fortinet FortiClient EMS Improper Access Control VulnerabilityCVE-2026-35616

References

Sources include official advisories and independent security research.