PT-2026-27162 · Tp Link · Archer Nx500+3
Saifeldeen Aziz
·
Publicado
2026-03-23
·
Atualizado
2026-03-28
·
CVE-2025-15517
CVSS v4.0
8.6
Alta
| Vetor | AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N |
Name of the Vulnerable Software and Affected Versions
TP-Link Archer NX200
TP-Link Archer NX210
TP-Link Archer NX500
TP-Link Archer NX600
Description
A flaw exists in the HTTP server of the affected devices due to a missing authentication check when accessing specific CGI endpoints. This allows attackers to perform actions intended for authenticated users without proper authorization. These actions include firmware upload and configuration operations. The vulnerable CGI endpoints allow unauthenticated access to privileged HTTP functions.
Recommendations
Apply the latest firmware updates available from TP-Link for the Archer NX200.
Apply the latest firmware updates available from TP-Link for the Archer NX210.
Apply the latest firmware updates available from TP-Link for the Archer NX500.
Apply the latest firmware updates available from TP-Link for the Archer NX600.
Correção
Missing Authentication
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Archer Nx200
Archer Nx210
Archer Nx500
Archer Nx600