Critical Vulnerabilities in TP-Link Archer Routers Expose Users to Attacks

Critical Vulnerabilities in TP-Link Archer Routers Expose Users to Attacks

First seen 25 Mar 2026, 11:46 UTC GbhackersBleepingcomputerCybersecuritynewsSecurityaffairs.CoReddit+4 84% similarity 74.0

Article Content

Browse articles
ThreatCluster

TP-Link has patched multiple critical vulnerabilities in its Archer NX router series, specifically affecting models NX200, NX210, NX500, and NX600. The most severe flaw, CVE-2025-15517, allows unauthenticated attackers to bypass authentication and upload malicious firmware. Other vulnerabilities, CVE-2025-15518 and CVE-2025-15519, enable authenticated attackers to execute arbitrary commands on the operating system. Additionally, CVE-2025-15605 allows attackers to decrypt and modify configuration files. Users are urged to update to the latest firmware versions immediately to mitigate risks. The vulnerabilities have been classified as high severity, with potential impacts on device confidentiality, integrity, and availability. There are no reports of ongoing exploitation at this time, but the vulnerabilities have been flagged by cybersecurity agencies. The situation is compounded by a lawsuit against TP-Link alleging deceptive security practices.

Key Points: • TP-Link patched critical vulnerabilities in Archer NX series routers affecting multiple models. • CVE-2025-15517 allows unauthenticated firmware uploads, posing severe risks to users. • Users are strongly advised to update their firmware immediately to prevent exploitation.

ThreatCluster AI

Timeline

2015-04-17
CVE-2015-3035 published
2024-05-03
CVE-2023-50224 published
2025-08-29
CVE-2025-9377 published
2026-03-23
CVE-2025-15517, CVE-2025-15518, CVE-2025-15519, CVE-2025-15605 published
2026-03-24
TP-Link issues a security advisory for Archer NX vulnerabilities
2026-03-25
Patches released for Archer NX router vulnerabilities
2026-03-26
Cyber Security Agency of Singapore issues advisory on vulnerabilities

Community

Browse all →