8.6

CVE-2025-15517

Medienbericht

Authorization Bypass in HTTP Server Endpoints on TP-Link Archer NX200, NX210, NX500 and NX600

A missing authentication check in the HTTP server on TP-Link Archer NX200, NX210, NX500 and NX600 to certain cgi endpoints allows unauthenticated access intended for authenticated users. An attacker may perform privileged HTTP actions without authentication, including firmware upload and configuration operations.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Tp-linkArcher Nx600 Firmware Version < 1.3.0
   Tp-linkArcher Nx600 Version3.0
Tp-linkArcher Nx500 Firmware Version < 1.5.0
   Tp-linkArcher Nx500 Version2.0
Tp-linkArcher Nx210 Firmware Version < 1.3.0
   Tp-linkArcher Nx210 Version3.0
Tp-linkArcher Nx200 Firmware Version < 1.3.0
   Tp-linkArcher Nx200 Version3.0
Tp-linkArcher Nx600 Firmware Version < 1.3.0
   Tp-linkArcher Nx600 Version2.0
Tp-linkArcher Nx600 Firmware Version < 1.4.0
   Tp-linkArcher Nx600 Version1.0
Tp-linkArcher Nx500 Firmware Version < 1.3.0
   Tp-linkArcher Nx500 Version1.0
Tp-linkArcher Nx210 Firmware Version < 1.3.0
   Tp-linkArcher Nx210 Version2.0
   Tp-linkArcher Nx210 Version2.20
Tp-linkArcher Nx200 Firmware Version < 1.3.0
   Tp-linkArcher Nx200 Version2.0
   Tp-linkArcher Nx200 Version2.20
Tp-linkArcher Nx200 Firmware Version < 1.8.0
   Tp-linkArcher Nx200 Version1.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 3.14% 0.862
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 8.1 2.8 5.2
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
f23511db-6c3e-4e32-a477-6aa17d310630 8.6 0 0
CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
CWE-306 Missing Authentication for Critical Function

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.
VulnDex Intel
Media Report
01.04.2026 09:30
Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.
VulnDex Intel
Media Report
26.03.2026 10:09
Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.
VulnDex Intel
Media Report
25.03.2026 12:38
https://www.tp-link.com/en/support/download/archer-nx200/#Firmware
Product
https://www.tp-link.com/en/support/download/archer-nx210/#Firmware
Product
https://www.tp-link.com/en/support/download/archer-nx500/#Firmware
Product
https://www.tp-link.com/en/support/download/archer-nx600/#Firmware
Product
https://www.tp-link.com/us/support/faq/5027/
Vendor Advisory