1. Home
  2. CVE Database
  3. CVE-2025-15551
MEDIUM · 5.6

CVE-2025-15551

The response coming from TP-Link Archer MR200 v5.2, C20 v5 and v6, TL-WR850N v3, and TL-WR845N v4 for any request is getting executed by the JavaScript function like eval directly without any check. A...

Vulnerability Description

The response coming from TP-Link Archer MR200 v5.2, C20 v5 and v6, TL-WR850N v3, and TL-WR845N v4 for any request is getting executed by the JavaScript function like eval directly without any check. Attackers can exploit this vulnerability via a Man-in-the-Middle (MitM) attack to execute JavaScript code on the router's admin web portal without the user's permission or knowledge.

CVSS Score

5.6

MEDIUM

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
LOW
Integrity
LOW
Availability
LOW

Affected Products

VendorProductVersions
Tp-LinkArcher Mr200 Firmware< 250917
Tp-LinkArcher Mr2005.20
Tp-LinkArcher C20 Firmware< 250630
Tp-LinkArcher C206
Tp-LinkTl-Wr850N Firmware< 0.9.1_Build251205
Tp-LinkTl-Wr850N3
Tp-LinkTl-Wr845N Firmware< 251031
Tp-LinkTl-Wr845N4

Related Weaknesses (CWE)

CWE-95

References

FAQ

What is CVE-2025-15551?

CVE-2025-15551 is a vulnerability with a CVSS score of 5.6 (MEDIUM). The response coming from TP-Link Archer MR200 v5.2, C20 v5 and v6, TL-WR850N v3, and TL-WR845N v4 for any request is getting executed by the JavaScript function like eval directly without any check. A...

How severe is CVE-2025-15551?

CVE-2025-15551 has been rated MEDIUM with a CVSS base score of 5.6/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2025-15551?

Check the references section above for vendor advisories and patch information. Affected products include: Tp-Link Archer Mr200 Firmware, Tp-Link Archer Mr200, Tp-Link Archer C20 Firmware, Tp-Link Archer C20, Tp-Link Tl-Wr850N Firmware.