TP-Link Router Security Flaw Requires Immediate Patch
▼ Summary
– TP-Link patched a critical flaw (CVE-2025-15517) in its Archer NX routers that lets attackers bypass authentication and upload firmware.
– The company also fixed a hardcoded key flaw (CVE-2025-15605) that allowed the decryption and modification of router configuration files.
– Two command injection vulnerabilities (CVE-2025-15518, CVE-2025-15519) were patched, which could let admin users run arbitrary commands.
– TP-Link has a recent history of patching issues, including a September zero-day and flaws flagged by CISA as actively exploited.
– Regulatory actions include a Texas lawsuit over deceptive security claims and a new FCC rule banning sales of foreign-made consumer routers.
A critical security vulnerability in several TP-Link Archer NX router models requires immediate user action. The company has released patches for a flaw that could allow unauthorized individuals to bypass login protections and take full control of the device. This issue, identified as CVE-2025-15517, impacts the Archer NX200, NX210, NX500, and NX600 models. According to TP-Link, the problem originates from a missing authentication check in the router’s web interface, permitting unauthenticated access to functions reserved for verified administrators. An attacker exploiting this weakness could perform privileged HTTP actions, including uploading new firmware and altering device configurations.
Alongside this primary flaw, TP-Link resolved additional security weaknesses. The company removed a hardcoded cryptographic key, tracked as CVE-2025-15605, which had allowed authenticated users to decrypt, modify, and re-encrypt router configuration files. It also patched two separate command injection vulnerabilities, CVE-2025-15518 and CVE-2025-15519, that could enable administrators to execute arbitrary commands on the system. TP-Link strongly urges all customers to download and install the latest firmware update immediately to mitigate these risks. The advisory warns that failing to apply the patch leaves the vulnerability active, and the company states it cannot be responsible for consequences that could have been avoided by following its guidance.
This incident is part of a broader pattern of security concerns surrounding TP-Link devices. Last September, the company hurried to patch a zero-day vulnerability affecting multiple router lines after initially delaying a fix. That flaw allowed attackers to intercept unencrypted traffic, redirect DNS queries, and inject malicious code. Furthermore, the U. S. Cybersecurity and Infrastructure Security Agency, or CISA, has added multiple TP-Link flaws to its Known Exploited Vulnerabilities catalog, including two last September that were actively exploited by the Quad7 botnet. In total, CISA has flagged six TP-Link vulnerabilities as being used in attacks.
Regulatory and legal scrutiny of the company’s products has intensified. Earlier this year, the Texas Attorney General filed a lawsuit against TP-Link, alleging the company deceptively marketed its routers as secure while firmware vulnerabilities allowed access by state-sponsored hacking groups. In a related move this week, the U. S. Federal Communications Commission updated its Covered List to include all consumer routers manufactured in foreign countries, effectively banning the sale of new models made outside the U. S. due to what it calls an unacceptable national security risk. These developments underscore the critical importance of maintaining updated router firmware as a fundamental component of home network security.
(Source: BleepingComputer)