High severity8.1NVD Advisory· Published Mar 23, 2026· Updated Mar 31, 2026
CVE-2025-15517
CVE-2025-15517
Description
A missing authentication check in the HTTP server on TP-Link Archer NX200, NX210, NX500 and NX600 to certain cgi endpoints allows unauthenticated access intended for authenticated users. An attacker may perform privileged HTTP actions without authentication, including firmware upload and configuration operations.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
5cpe:2.3:o:tp-link:archer_nx200_firmware:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:tp-link:archer_nx200_firmware:*:*:*:*:*:*:*:*range: <1.3.0
- cpe:2.3:o:tp-link:archer_nx500_firmware:*:*:*:*:*:*:*:*range: <1.5.0
Patches
Vulnerability mechanics
References
5- www.tp-link.com/us/support/faq/5027/nvdVendor Advisory
- www.tp-link.com/en/support/download/archer-nx200/nvdProduct
- www.tp-link.com/en/support/download/archer-nx210/nvdProduct
- www.tp-link.com/en/support/download/archer-nx500/nvdProduct
- www.tp-link.com/en/support/download/archer-nx600/nvdProduct
News mentions
1- 30th March – Threat Intelligence ReportCheck Point Research · Mar 30, 2026