TP-Link Archer NX200, NX210, NX500 和 NX600 HTTP 服务器端点上的授权绕过
平台
other
修复版本
1.3.0 Build 260309
1.3.0 Build 260311
1.4.0 Build 260311
1.5.0 Build 260309
CVE-2025-15517 describes a critical authentication bypass vulnerability discovered in TP-Link Archer NX series routers (NX200, NX210, NX500, and NX600). This flaw allows an attacker to perform privileged HTTP actions without authentication, potentially leading to unauthorized configuration changes and firmware manipulation. The vulnerability impacts devices running versions up to and including 1.8.0 Build 260311, and a fix is available in version 1.8.0 Build 260311.
影响与攻击场景翻译中…
The impact of CVE-2025-15517 is significant due to the ease of exploitation and the potential for complete device compromise. An attacker can leverage this vulnerability to upload malicious firmware, effectively bricking the device or installing malware. They can also modify the router's configuration, redirecting traffic, creating backdoors, or stealing sensitive data. This vulnerability presents a serious risk to network security, as a compromised router can serve as a pivot point for attacks against other devices on the network. The ability to perform privileged actions without authentication significantly lowers the barrier to entry for attackers.
利用背景翻译中…
CVE-2025-15517 was publicly disclosed on 2026-03-23. As of this date, there are no publicly available proof-of-concept exploits. The EPSS score is pending evaluation, but the ease of exploitation suggests a potential for medium to high probability of exploitation if a PoC is released. It is not currently listed on the CISA KEV catalog.
哪些人处于风险中翻译中…
Home users and small businesses relying on TP-Link Archer NX series routers are at risk. Shared hosting environments utilizing these routers for network management are also vulnerable. Users with legacy configurations or those who have not regularly updated their router firmware are particularly susceptible.
攻击时间线
- Disclosure
disclosure
威胁情报
漏洞利用状态
EPSS
0.05% (15% 百分位)
CISA SSVC
受影响的软件
弱点分类 (CWE)
时间线
- 已保留
- 发布日期
- 修改日期
- EPSS 更新日期
缓解措施和替代方案翻译中…
The primary mitigation for CVE-2025-15517 is to immediately upgrade affected TP-Link Archer NX series routers to firmware version 1.8.0 Build 260311 or later. If upgrading is not immediately feasible due to compatibility concerns or testing requirements, consider implementing temporary workarounds. While a direct WAF rule is difficult to implement due to the nature of the vulnerability, restricting access to the vulnerable CGI endpoints from untrusted networks can provide a layer of defense. Monitor router logs for unusual activity, particularly unauthorized configuration changes or firmware uploads. After upgrading, confirm the fix by attempting to access the vulnerable CGI endpoints without authentication; access should be denied.
修复方法
将您的 TP-Link Archer NX200, NX210, NX500 或 NX600 路由器更新到 TP-Link 官方网站上提供的最新固件版本。这将修复 HTTP 端点上的身份验证绕过漏洞,并防止未经授权的访问。
CVE 安全通讯
漏洞分析和关键警报直接发送到您的邮箱。
常见问题翻译中…
What is CVE-2025-15517 — Auth Bypass in TP-Link Archer NX Series?
CVE-2025-15517 is an authentication bypass vulnerability affecting TP-Link Archer NX200, NX210, NX500, and NX600 routers, allowing unauthorized privileged actions.
Am I affected by CVE-2025-15517 in TP-Link Archer NX Series?
You are affected if you are using a TP-Link Archer NX200, NX210, NX500, or NX600 router running firmware versions ≤1.8.0 Build 260311.
How do I fix CVE-2025-15517 in TP-Link Archer NX Series?
Upgrade your router to firmware version 1.8.0 Build 260311 or later to patch the vulnerability.
Is CVE-2025-15517 being actively exploited?
As of the public disclosure date, there are no confirmed reports of active exploitation, but the ease of exploitation warrants caution.
Where can I find the official TP-Link advisory for CVE-2025-15517?
Refer to the TP-Link security advisory for detailed information and firmware updates: [Placeholder - TP-Link Advisory Link]