CVE-2025-15517
Authorization Bypass in HTTP Server Endpoints on TP-Link Archer NX200, NX210, NX500 and NX600
CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th
A missing authentication check in the HTTP server on TP-Link Archer NX200, NX210, NX500 and NX600 to certain cgi endpoints allows unauthenticated access intended for authenticated users. An attacker may perform privileged HTTP actions without authentication, including firmware upload and configuration operations.
| CWE | CWE-306 |
| Vendor | tp-link systems inc. |
| Product | archer nx600 v3.0 |
| Published | Mar 23, 2026 |
| Last Updated | Mar 24, 2026 |
Stay Ahead of the Next One
Get instant alerts for tp-link systems inc. archer nx600 v3.0
Be the first to know when new unknown vulnerabilities affecting tp-link systems inc. archer nx600 v3.0 are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
Affected Versions
TP-Link Systems Inc. / Archer NX600 v3.0
0 < 1.3.0 Build 260309
TP-Link Systems Inc. / Archer NX600 v2.0
0 < 1.3.0 Build 260311
TP-Link Systems Inc. / Archer NX600 v1.0
0 < 1.4.0 Build 260311
TP-Link Systems Inc. / Archer NX500 v2.0
0 < < 1.5.0 Build 260309
TP-Link Systems Inc. / Archer NX500 v1.0
0 < 1.3.0 Build 260311
TP-Link Systems Inc. / Archer NX210 v3.0
0 < 1.3.0 Build 260309
TP-Link Systems Inc. / Archer NX210 v2.0 v2.20
0 < 1.3.0 Build 260311
TP-Link Systems Inc. / Archer NX200 v3.0
0 < < 1.3.0 Build 260309
TP-Link Systems Inc. / Archer NX200 v2.20
0 < 1.3.0 Build 260311
TP-Link Systems Inc. / Archer NX200 v2.0
0 < 1.3.0 Build 260311
TP-Link Systems Inc. / Archer NX200 v1.0
0 < 1.8.0 Build 260311
References
tp-link.com: https://www.tp-link.com/en/support/download/archer-nx200/#Firmware tp-link.com: https://www.tp-link.com/en/support/download/archer-nx210/#Firmware tp-link.com: https://www.tp-link.com/en/support/download/archer-nx500/#Firmware tp-link.com: https://www.tp-link.com/en/support/download/archer-nx600/#Firmware tp-link.com: https://www.tp-link.com/us/support/faq/5027/
Credits
Saifeldeen Aziz from Cyshield