CVE-2025-15517

Medienbericht

EPSS 0.07%
Veröffentlicht 23.03.2026 18:16:22
Zuletzt bearbeitet 31.03.2026 19:08:33
Quelle f23511db-6c3e-4e32-a477-6aa17d
CVE-Watchlists
Login
Unerledigt
Login

Authorization Bypass in HTTP Server Endpoints on TP-Link Archer NX200, NX210, NX500 and NX600

A missing authentication check in the HTTP server on TP-Link Archer NX200, NX210, NX500 and NX600 to certain cgi endpoints allows unauthenticated access intended for authenticated users. An attacker may perform privileged HTTP actions without authentication, including firmware upload and configuration operations.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 11

NVD 10 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Tp-link ≫ Archer Nx600 Firmware Version < 1.3.0

Tp-link ≫ Archer Nx600 Version3.0

Tp-link ≫ Archer Nx500 Firmware Version < 1.5.0

Tp-link ≫ Archer Nx500 Version2.0

Tp-link ≫ Archer Nx210 Firmware Version < 1.3.0

Tp-link ≫ Archer Nx210 Version3.0

Tp-link ≫ Archer Nx200 Firmware Version < 1.3.0

Tp-link ≫ Archer Nx200 Version3.0

Tp-link ≫ Archer Nx600 Firmware Version < 1.3.0

Tp-link ≫ Archer Nx600 Version2.0

Tp-link ≫ Archer Nx600 Firmware Version < 1.4.0

Tp-link ≫ Archer Nx600 Version1.0

Tp-link ≫ Archer Nx500 Firmware Version < 1.3.0

Tp-link ≫ Archer Nx500 Version1.0

Tp-link ≫ Archer Nx210 Firmware Version < 1.3.0

Tp-link ≫ Archer Nx210 Version2.0
Tp-link ≫ Archer Nx210 Version2.20

Tp-link ≫ Archer Nx200 Firmware Version < 1.3.0

Tp-link ≫ Archer Nx200 Version2.0
Tp-link ≫ Archer Nx200 Version2.20

Tp-link ≫ Archer Nx200 Firmware Version < 1.8.0

Tp-link ≫ Archer Nx200 Version1.0

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.07%	0.214

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.1	2.8	5.2	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
f23511db-6c3e-4e32-a477-6aa17d310630	8.6	0	0	CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CWE-306 Missing Authentication for Critical Function

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

https://thehackernews.com/2026/03/weekly-recap-telecom-sleeper-cells-llm.html

Media Report

https://www.heise.de/news/Angreifer-koennen-manipulierte-Firmware-auf-TP-Link-Router-laden-11224988.html

Media Report

https://www.bleepingcomputer.com/news/security/tp-link-warns-users-to-patch-critical-router-auth-bypass-flaw/

Media Report

https://www.tp-link.com/en/support/download/archer-nx200/#Firmware

Product

https://www.tp-link.com/en/support/download/archer-nx210/#Firmware

Product

https://www.tp-link.com/en/support/download/archer-nx500/#Firmware

Product