Vulnerability Description
Improper input handling in a modem-management administrative CLI command on TP-Link Archer NX200, NX210, NX500 and NX600 allows crafted input to be executed as part of an operating system command. An authenticated attacker with administrative privileges may execute arbitrary commands on the operating system, impacting the confidentiality, integrity, and availability of the device.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Tp-Link | Archer Nx600 Firmware | < 1.3.0 |
| Tp-Link | Archer Nx600 | 3.0 |
| Tp-Link | Archer Nx500 Firmware | < 1.5.0 |
| Tp-Link | Archer Nx500 | 2.0 |
| Tp-Link | Archer Nx210 Firmware | < 1.3.0 |
| Tp-Link | Archer Nx210 | 3.0 |
| Tp-Link | Archer Nx200 Firmware | < 1.3.0 |
| Tp-Link | Archer Nx200 | 3.0 |
Related Weaknesses (CWE)
References
- https://www.tp-link.com/en/support/download/archer-nx200/#FirmwareProduct
- https://www.tp-link.com/en/support/download/archer-nx210/#FirmwareProduct
- https://www.tp-link.com/en/support/download/archer-nx500/#FirmwareProduct
- https://www.tp-link.com/en/support/download/archer-nx600/#FirmwareProduct
- https://www.tp-link.com/us/support/faq/5027/Vendor Advisory
FAQ
What is CVE-2025-15519?
CVE-2025-15519 is a vulnerability with a CVSS score of 7.2 (HIGH). Improper input handling in a modem-management administrative CLI command on TP-Link Archer NX200, NX210, NX500 and NX600 allows crafted input to be executed as part of an operating system command. An ...
How severe is CVE-2025-15519?
CVE-2025-15519 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-15519?
Check the references section above for vendor advisories and patch information. Affected products include: Tp-Link Archer Nx600 Firmware, Tp-Link Archer Nx600, Tp-Link Archer Nx500 Firmware, Tp-Link Archer Nx500, Tp-Link Archer Nx210 Firmware.