CVE-2025-15605

CVSS v4.0

8.5

High

Vector

AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions TP-Link Archer NX200 TP-Link Archer NX210 TP-Link Archer NX500 TP-Link Archer NX600

Description A cryptographic key that is hardcoded into the configuration mechanism allows decryption and re-encryption of device configuration data. An authenticated attacker can decrypt configuration files, modify them, and re-encrypt them, which impacts the confidentiality and integrity of the device configuration data.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Using Hardcoded Credentials

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-798CWE-321

Related Identifiers

CVE-2025-15605

Affected Products

Archer Nx200

Archer Nx210

Archer Nx500

Archer Nx600

CVE-2025-15605

Weakness Enumeration

Related Identifiers

Affected Products

References · 7