Plateforme
other
Corrigé dans
1.3.0 Build 260309
1.3.0 Build 260311
1.4.0 Build 260311
1.5.0 Build 260309
CVE-2025-15517 describes a critical authentication bypass vulnerability discovered in TP-Link Archer NX series routers (NX200, NX210, NX500, and NX600). This flaw allows an attacker to perform privileged HTTP actions without authentication, potentially leading to unauthorized configuration changes and firmware manipulation. The vulnerability impacts devices running versions up to and including 1.8.0 Build 260311, and a fix is available in version 1.8.0 Build 260311.
The impact of CVE-2025-15517 is significant due to the ease of exploitation and the potential for complete device compromise. An attacker can leverage this vulnerability to upload malicious firmware, effectively bricking the device or installing malware. They can also modify the router's configuration, redirecting traffic, creating backdoors, or stealing sensitive data. This vulnerability presents a serious risk to network security, as a compromised router can serve as a pivot point for attacks against other devices on the network. The ability to perform privileged actions without authentication significantly lowers the barrier to entry for attackers.
CVE-2025-15517 was publicly disclosed on 2026-03-23. As of this date, there are no publicly available proof-of-concept exploits. The EPSS score is pending evaluation, but the ease of exploitation suggests a potential for medium to high probability of exploitation if a PoC is released. It is not currently listed on the CISA KEV catalog.
Home users and small businesses relying on TP-Link Archer NX series routers are at risk. Shared hosting environments utilizing these routers for network management are also vulnerable. Users with legacy configurations or those who have not regularly updated their router firmware are particularly susceptible.
disclosure
Statut de l'Exploit
EPSS
0.05% (percentile 15%)
CISA SSVC
The primary mitigation for CVE-2025-15517 is to immediately upgrade affected TP-Link Archer NX series routers to firmware version 1.8.0 Build 260311 or later. If upgrading is not immediately feasible due to compatibility concerns or testing requirements, consider implementing temporary workarounds. While a direct WAF rule is difficult to implement due to the nature of the vulnerability, restricting access to the vulnerable CGI endpoints from untrusted networks can provide a layer of defense. Monitor router logs for unusual activity, particularly unauthorized configuration changes or firmware uploads. After upgrading, confirm the fix by attempting to access the vulnerable CGI endpoints without authentication; access should be denied.
Mettez à jour le micrologiciel de votre routeur TP-Link Archer NX200, NX210, NX500 ou NX600 vers la dernière version disponible sur le site web officiel de TP-Link. Cela corrigera la vulnérabilité de contournement de l'authentification dans les points de terminaison HTTP et empêchera l'accès non autorisé.
Analyses de vulnérabilités et alertes critiques directement dans votre boîte mail.
CVE-2025-15517 is an authentication bypass vulnerability affecting TP-Link Archer NX200, NX210, NX500, and NX600 routers, allowing unauthorized privileged actions.
You are affected if you are using a TP-Link Archer NX200, NX210, NX500, or NX600 router running firmware versions ≤1.8.0 Build 260311.
Upgrade your router to firmware version 1.8.0 Build 260311 or later to patch the vulnerability.
As of the public disclosure date, there are no confirmed reports of active exploitation, but the ease of exploitation warrants caution.
Refer to the TP-Link security advisory for detailed information and firmware updates: [Placeholder - TP-Link Advisory Link]
Téléverse ton fichier de dépendances et découvre instantanément si cette CVE et d'autres te touchent.