Vulnerability Description
A missing authentication check on certain CGI endpoints of the HTTP server on TP-Link Archer NX200, NX210, NX500 and NX600 allows unauthenticated access to functionality intended for authenticated users. An attacker may perform privileged HTTP actions without authentication, including firmware upload and configuration operations.
CVSS Score
8.1 (HIGH)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| TP-Link | Archer NX600 Firmware | < 1.3.0 |
| TP-Link | Archer NX600 | 3.0 |
| TP-Link | Archer NX500 Firmware | < 1.5.0 |
| TP-Link | Archer NX500 | 2.0 |
| TP-Link | Archer NX210 Firmware | < 1.3.0 |
| TP-Link | Archer NX210 | 3.0 |
| TP-Link | Archer NX200 Firmware | < 1.3.0 |
| TP-Link | Archer NX200 | 3.0 |
Related Weaknesses (CWE)
References
- https://www.tp-link.com/en/support/download/archer-nx200/#FirmwareProduct
- https://www.tp-link.com/en/support/download/archer-nx210/#FirmwareProduct
- https://www.tp-link.com/en/support/download/archer-nx500/#FirmwareProduct
- https://www.tp-link.com/en/support/download/archer-nx600/#FirmwareProduct
- https://www.tp-link.com/us/support/faq/5027/ (Vendor Advisory)
FAQ
What is CVE-2025-15517?
CVE-2025-15517 is a vulnerability with a CVSS score of 8.1 (HIGH). A missing authentication check on certain CGI endpoints of the HTTP server on TP-Link Archer NX200, NX210, NX500 and NX600 allows unauthenticated access to functionality intended for authenticated users. An attacker m...
How severe is CVE-2025-15517?
CVE-2025-15517 has been rated HIGH with a CVSS base score of 8.1/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2025-15517?
Check the references section above for vendor advisories and patch information. Affected products include: TP-Link Archer NX600 Firmware, TP-Link Archer NX600, TP-Link Archer NX500 Firmware, TP-Link Archer NX500, TP-Link Archer NX210 Firmware.