CVE-2025-15517
Published: 23 March 2026
Description
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Security Summary
CVE-2025-15517, published on 2026-03-23, is a missing authentication check vulnerability (CWE-306) in the HTTP server of TP-Link Archer NX200, NX210, NX500, and NX600 routers. The flaw affects certain CGI endpoints, enabling unauthenticated access to features intended exclusively for authenticated users. It carries a CVSS v3.1 base score of 8.1 (AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N).
An unauthenticated attacker on an adjacent network can exploit this low-complexity vulnerability without user interaction. Exploitation allows performance of privileged HTTP actions, such as firmware uploads and configuration operations, resulting in high confidentiality and integrity impacts.
TP-Link provides firmware updates for mitigation on dedicated support download pages for the Archer NX200, NX210, NX500, and NX600 models, along with additional guidance in their FAQ at https://www.tp-link.com/us/support/faq/5027/.
Details
- CWE(s)
Affected Products
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Missing authentication in HTTP server CGI endpoints enables unauthenticated attackers to exploit public-facing router web application for privileged actions like firmware uploads and configuration changes.