PT-2026-27162 · Tp Link · Archer Nx500+3
Saifeldeen Aziz
·
Published
2026-03-23
·
Updated
2026-03-28
·
CVE-2025-15517
CVSS v4.0
8.6
High
| Vector | AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N |
Name of the Vulnerable Software and Affected Versions
TP-Link Archer NX200
TP-Link Archer NX210
TP-Link Archer NX500
TP-Link Archer NX600
Description
A flaw exists in the HTTP server of the affected devices due to a missing authentication check when accessing specific CGI endpoints. This allows attackers to perform actions intended for authenticated users without proper authorization. These actions include firmware upload and configuration operations. The vulnerable CGI endpoints allow unauthenticated access to privileged HTTP functions.
Recommendations
Apply the latest firmware updates available from TP-Link for the Archer NX200.
Apply the latest firmware updates available from TP-Link for the Archer NX210.
Apply the latest firmware updates available from TP-Link for the Archer NX500.
Apply the latest firmware updates available from TP-Link for the Archer NX600.
Fix
Missing Authentication
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Archer Nx200
Archer Nx210
Archer Nx500
Archer Nx600