平台
other
修复版本
1.3.0 Build 260309
1.3.0 Build 260311
1.4.0 Build 260311
1.5.0 Build 260309
CVE-2025-15517 describes a critical authentication bypass vulnerability discovered in TP-Link Archer NX series routers (NX200, NX210, NX500, and NX600). This flaw allows an attacker to perform privileged HTTP actions without authentication, potentially leading to unauthorized configuration changes and firmware manipulation. The vulnerability impacts devices running versions up to and including 1.8.0 Build 260311, and a fix is available in version 1.8.0 Build 260311.
The impact of CVE-2025-15517 is significant due to the ease of exploitation and the potential for complete device compromise. An attacker can leverage this vulnerability to upload malicious firmware, effectively bricking the device or installing malware. They can also modify the router's configuration, redirecting traffic, creating backdoors, or stealing sensitive data. This vulnerability presents a serious risk to network security, as a compromised router can serve as a pivot point for attacks against other devices on the network. The ability to perform privileged actions without authentication significantly lowers the barrier to entry for attackers.
CVE-2025-15517 was publicly disclosed on 2026-03-23. As of this date, there are no publicly available proof-of-concept exploits. The EPSS score is pending evaluation, but the ease of exploitation suggests a potential for medium to high probability of exploitation if a PoC is released. It is not currently listed on the CISA KEV catalog.
Home users and small businesses relying on TP-Link Archer NX series routers are at risk. Shared hosting environments utilizing these routers for network management are also vulnerable. Users with legacy configurations or those who have not regularly updated their router firmware are particularly susceptible.
disclosure
漏洞利用状态
EPSS
0.05% (15% 百分位)
CISA SSVC
The primary mitigation for CVE-2025-15517 is to immediately upgrade affected TP-Link Archer NX series routers to firmware version 1.8.0 Build 260311 or later. If upgrading is not immediately feasible due to compatibility concerns or testing requirements, consider implementing temporary workarounds. While a direct WAF rule is difficult to implement due to the nature of the vulnerability, restricting access to the vulnerable CGI endpoints from untrusted networks can provide a layer of defense. Monitor router logs for unusual activity, particularly unauthorized configuration changes or firmware uploads. After upgrading, confirm the fix by attempting to access the vulnerable CGI endpoints without authentication; access should be denied.
将您的 TP-Link Archer NX200, NX210, NX500 或 NX600 路由器更新到 TP-Link 官方网站上提供的最新固件版本。这将修复 HTTP 端点上的身份验证绕过漏洞,并防止未经授权的访问。
漏洞分析和关键警报直接发送到您的邮箱。
CVE-2025-15517 is an authentication bypass vulnerability affecting TP-Link Archer NX200, NX210, NX500, and NX600 routers, allowing unauthorized privileged actions.
You are affected if you are using a TP-Link Archer NX200, NX210, NX500, or NX600 router running firmware versions ≤1.8.0 Build 260311.
Upgrade your router to firmware version 1.8.0 Build 260311 or later to patch the vulnerability.
As of the public disclosure date, there are no confirmed reports of active exploitation, but the ease of exploitation warrants caution.
Refer to the TP-Link security advisory for detailed information and firmware updates: [Placeholder - TP-Link Advisory Link]