Medium severity5.6NVD Advisory· Published Feb 5, 2026· Updated Apr 22, 2026
CVE-2025-15551
CVE-2025-15551
Description
The response coming from TP-Link Archer MR200 v5.2, C20 v5 and v6, TL-WR850N v3, and TL-WR845N v4 for any request is getting executed by the JavaScript function like eval directly without any check. Attackers can exploit this vulnerability via a Man-in-the-Middle (MitM) attack to execute JavaScript code on the router's admin web portal without the user's permission or knowledge.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
8cpe:2.3:o:tp-link:archer_mr200_firmware:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:tp-link:archer_mr200_firmware:*:*:*:*:*:*:*:*range: <250917
- (no CPE)range: = v5.2
- cpe:2.3:o:tp-link:tl-wr850n_firmware:*:*:*:*:*:*:*:*Range: <0.9.1_Build251205
- Range: = v5, = v6
Patches
Vulnerability mechanics
References
10- www.tp-link.com/us/support/faq/4948/nvdVendor Advisory
- www.tp-link.com/en/support/download/archer-c20/v6/nvdProduct
- www.tp-link.com/en/support/download/archer-mr200/v5.20/nvdProduct
- www.tp-link.com/en/support/download/tl-wr845n/nvdProduct
- www.tp-link.com/in/support/download/archer-c20/v6/nvdProduct
- www.tp-link.com/in/support/download/archer-mr200/v5.20/nvdProduct
- www.tp-link.com/in/support/download/tl-wr845n/nvdProduct
- www.tp-link.com/in/support/download/tl-wr850n/nvdProduct
- www.tp-link.com/en/support/download/archer-c20/v5/nvd
- www.tp-link.com/us/support/download/archer-c20/v5/nvd
News mentions
0No linked articles in our index yet.