PT-2026-6600 · Tp Link · C20+3
Published
2026-02-05
·
Updated
2026-02-05
·
CVE-2025-15551
CVSS v4.0
5.9
Medium
| Vector | AV:A/AC:L/AT:P/PR:N/UI:P/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N |
Name of the Vulnerable Software and Affected Versions
TP-Link Archer MR200 version 5.2
TP-Link C20 version 6
TP-Link TL-WR850N version 3
TP-Link TL-WR845N version 4
Description
The response from the devices is executed by a JavaScript function, such as
eval, without proper validation. This allows attackers to inject and execute JavaScript code on the router's admin web portal through a Man-in-the-Middle (MitM) attack, without user consent.Recommendations
Update TP-Link Archer MR200 to a version prior to 5.2.
Update TP-Link C20 to a version prior to 6.
Update TP-Link TL-WR850N to a version prior to 3.
Update TP-Link TL-WR845N to a version prior to 4.
Fix
Eval Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Archer Mr200
C20
Tl-Wr845N
Tl-Wr850N