8.5
CVE-2025-15605
- EPSS 0.13%
- Veröffentlicht 23.03.2026 18:16:24
- Zuletzt bearbeitet 31.03.2026 19:04:37
- Quelle f23511db-6c3e-4e32-a477-6aa17d
- CVE-Watchlists
- Unerledigt
Hardcoded Cryptographic Key in Configuration Encryption Mechanism on TP-Link Archer NX200, NX210, NX500 and NX600
A hardcoded cryptographic key within the configuration mechanism on TP-Link Archer NX200, NX210, NX500 and NX600 enables decryption and re-encryption of device configuration data. An authenticated attacker may decrypt configuration files, modify them, and re-encrypt them, affecting the confidentiality and integrity of device configuration data.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Tp-link ≫ Archer Nx600 Firmware Version < 1.3.0
Tp-link ≫ Archer Nx500 Firmware Version < 1.5.0
Tp-link ≫ Archer Nx210 Firmware Version < 1.3.0
Tp-link ≫ Archer Nx200 Firmware Version < 1.3.0
Tp-link ≫ Archer Nx600 Firmware Version < 1.3.0
Tp-link ≫ Archer Nx600 Firmware Version < 1.4.0
Tp-link ≫ Archer Nx500 Firmware Version < 1.3.0
Tp-link ≫ Archer Nx210 Firmware Version < 1.3.0
Tp-link ≫ Archer Nx200 Firmware Version < 1.3.0
Tp-link ≫ Archer Nx200 Firmware Version < 1.8.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.13% | 0.031 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.3 | 2.1 | 5.2 |
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
|
| f23511db-6c3e-4e32-a477-6aa17d310630 | 8.5 | 0 | 0 |
CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
|
CWE-321 Use of Hard-coded Cryptographic Key
The product uses a hard-coded, unchangeable cryptographic key.
CWE-798 Use of Hard-coded Credentials
The product contains hard-coded credentials, such as a password or cryptographic key.
Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.
Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.
Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.
https://www.tp-link.com/en/support/download/archer-nx200/#Firmware
https://www.tp-link.com/en/support/download/archer-nx210/#Firmware
https://www.tp-link.com/en/support/download/archer-nx500/#Firmware
https://www.tp-link.com/en/support/download/archer-nx600/#Firmware
https://www.tp-link.com/us/support/faq/5027/