Critical Vulnerabilities in TP-Link Archer Routers Expose Users to Attacks
Severity: High (Score: 74.0)
Sources: BleepingComputer, heise.de, Reddit, Cybersecuritynews, csa.sg
Summary
TP-Link has patched multiple critical vulnerabilities in its Archer NX router series, specifically affecting models NX200, NX210, NX500, and NX600. The most severe flaw, CVE-2025-15517, allows unauthenticated attackers to bypass authentication and upload malicious firmware. Other vulnerabilities, CVE-2025-15518 and CVE-2025-15519, enable authenticated attackers to execute arbitrary commands on the operating system. Additionally, CVE-2025-15605 allows attackers to decrypt and modify configuration files. Users are urged to update to the latest firmware versions immediately to mitigate risks. The vulnerabilities have been classified as high severity, with potential impacts on device confidentiality, integrity, and availability. There are no reports of ongoing exploitation at this time, but the vulnerabilities have been flagged by cybersecurity agencies. The situation is compounded by a lawsuit against TP-Link alleging deceptive security practices.
Key Points
- TP-Link patched critical vulnerabilities in Archer NX series routers affecting multiple models.
- CVE-2025-15517 allows unauthenticated firmware uploads, posing severe risks to users.
- Users are strongly advised to update their firmware immediately to prevent exploitation.
Key Entities
- Botnet (attack_type)
- Malware (attack_type)
- Zero-day Exploit (attack_type)
- CISA (company)
- TP-Link (company)
- Singapore (country)
- CVE-2015-3035 (cve)
- CVE-2023-50224 (cve)
- CVE-2025-15517 (cve)
- CVE-2025-15518 (cve)
- CVE-2025-15519 (cve)
- Quad7 Botnet (malware)
- T1059 - Command and Scripting Interpreter (mitre_attack)
- T1557 - Adversary-in-the-Middle (mitre_attack)
- Archer NX (platform)
- Archer NX200 (platform)
- Archer NX210 (platform)
- Archer NX500 (platform)
- Archer NX600 (platform)
- Directory Traversal (vulnerability)