CVE-2025-15517

Published: Mar 23, 2026 Last Modified: Mar 23, 2026

ExploitDB:

Other exploit source:

Google Dorks:

HIGH 8,6

Source: f23511db-6c3e-4e32-a477-6aa17d310630

Attack Vector: adjacent

Attack Complexity: low

Privileges Required: none

User Interaction: none

Confidentiality: N/A

Integrity: N/A

Availability: N/A

Description

AI Translation Available

A missing authentication check in the HTTP server on TP-Link Archer NX200, NX210, NX500 and NX600 to certain cgi endpoints allows unauthenticated access intended for authenticated users. An attacker may perform privileged HTTP actions without authentication, including firmware upload and configuration operations.

306

Missing Authentication for Critical Function

Draft

Abstraction: Base Structure: Simple

Common Consequences

Security Scopes Affected:

Access Control Other

Potential Impacts:

Gain Privileges Or Assume Identity Varies By Context

Applicable Platforms

Technologies: Cloud Computing, ICS/OT

Likelihood of Exploit: High

View CWE Details

https://www.tp-link.com/en/support/download/archer-nx200/#F…

https://www.tp-link.com/en/support/download/archer-nx200/#Firmware

https://www.tp-link.com/en/support/download/archer-nx210/#F…

https://www.tp-link.com/en/support/download/archer-nx210/#Firmware

https://www.tp-link.com/en/support/download/archer-nx500/#F…

https://www.tp-link.com/en/support/download/archer-nx500/#Firmware

https://www.tp-link.com/en/support/download/archer-nx600/#F…

https://www.tp-link.com/en/support/download/archer-nx600/#Firmware

https://www.tp-link.com/us/support/faq/5027/

https://www.tp-link.com/us/support/faq/5027/