Plataforma
other
Corregido en
1.3.0 Build 260309
1.3.0 Build 260311
1.4.0 Build 260311
1.5.0 Build 260309
CVE-2025-15517 describes a critical authentication bypass vulnerability discovered in TP-Link Archer NX series routers (NX200, NX210, NX500, and NX600). This flaw allows an attacker to perform privileged HTTP actions without authentication, potentially leading to unauthorized configuration changes and firmware manipulation. The vulnerability impacts devices running versions up to and including 1.8.0 Build 260311, and a fix is available in version 1.8.0 Build 260311.
The impact of CVE-2025-15517 is significant due to the ease of exploitation and the potential for complete device compromise. An attacker can leverage this vulnerability to upload malicious firmware, effectively bricking the device or installing malware. They can also modify the router's configuration, redirecting traffic, creating backdoors, or stealing sensitive data. This vulnerability presents a serious risk to network security, as a compromised router can serve as a pivot point for attacks against other devices on the network. The ability to perform privileged actions without authentication significantly lowers the barrier to entry for attackers.
CVE-2025-15517 was publicly disclosed on 2026-03-23. As of this date, there are no publicly available proof-of-concept exploits. The EPSS score is pending evaluation, but the ease of exploitation suggests a potential for medium to high probability of exploitation if a PoC is released. It is not currently listed on the CISA KEV catalog.
Home users and small businesses relying on TP-Link Archer NX series routers are at risk. Shared hosting environments utilizing these routers for network management are also vulnerable. Users with legacy configurations or those who have not regularly updated their router firmware are particularly susceptible.
disclosure
Estado del Exploit
EPSS
0.05% (15% percentil)
CISA SSVC
The primary mitigation for CVE-2025-15517 is to immediately upgrade affected TP-Link Archer NX series routers to firmware version 1.8.0 Build 260311 or later. If upgrading is not immediately feasible due to compatibility concerns or testing requirements, consider implementing temporary workarounds. While a direct WAF rule is difficult to implement due to the nature of the vulnerability, restricting access to the vulnerable CGI endpoints from untrusted networks can provide a layer of defense. Monitor router logs for unusual activity, particularly unauthorized configuration changes or firmware uploads. After upgrading, confirm the fix by attempting to access the vulnerable CGI endpoints without authentication; access should be denied.
Actualice el firmware de su router TP-Link Archer NX200, NX210, NX500 o NX600 a la última versión disponible en el sitio web oficial de TP-Link. Esto corregirá la vulnerabilidad de omisión de autenticación en los endpoints HTTP y evitará el acceso no autorizado.
Análisis de vulnerabilidades y alertas críticas directamente en tu correo.
CVE-2025-15517 is an authentication bypass vulnerability affecting TP-Link Archer NX200, NX210, NX500, and NX600 routers, allowing unauthorized privileged actions.
You are affected if you are using a TP-Link Archer NX200, NX210, NX500, or NX600 router running firmware versions ≤1.8.0 Build 260311.
Upgrade your router to firmware version 1.8.0 Build 260311 or later to patch the vulnerability.
As of the public disclosure date, there are no confirmed reports of active exploitation, but the ease of exploitation warrants caution.
Refer to the TP-Link security advisory for detailed information and firmware updates: [Placeholder - TP-Link Advisory Link]
Sube tu archivo de dependencias y detecta esta y otras CVEs al instante.