
TP-Link warns customers to patch critical router auth bypass flaw

TP-Link has patched several vulnerabilities in its Archer NX router series, including a critical-severity flaw that can allow attackers to bypass authentication and upload new firmware.

Tracked as CVE-2025-15517, this security flaw affects Archer NX200, NX210, NX500, and NX600 wireless routers and stems from a missing authentication weakness that attackers can exploit without privileges.

“A missing authentication check in the HTTP server to certain cgi endpoints allows unauthenticated access intended for authenticated users,” TP-Link explained earlier this week when it released security updates that address the vulnerability.

“An attacker may perform privileged HTTP actions without authentication, including firmware upload and configuration operations.”
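The failure class the advisory describes, as an added illustration (not TP-Link's code; the endpoint paths, session store and handler names are hypothetical): when authentication is applied per endpoint, any CGI handler left off the list is reachable anonymously, while a default-deny dispatcher with an explicit public allowlist closes that gap and a small audit function catches it in testing.

```python
from dataclasses import dataclass, field

# Hypothetical endpoints and a constructed session token, for illustration only.
PUBLIC = frozenset({"/cgi-bin/login", "/cgi-bin/status"})
SESSIONS = {"constructed-session-token"}

@dataclass
class Request:
    path: str
    cookies: dict = field(default_factory=dict)

HANDLERS = {
    "/cgi-bin/login": lambda req: (200, "login page"),
    "/cgi-bin/status": lambda req: (200, "ok"),
    "/cgi-bin/config": lambda req: (200, "config restored"),
    "/cgi-bin/firmware": lambda req: (200, "firmware accepted"),
}

def authenticated(req):
    return req.cookies.get("sid") in SESSIONS

# Weak pattern: auth is opt-in per path, and the firmware endpoint was never listed.
PROTECTED_OPT_IN = {"/cgi-bin/config"}

def dispatch_opt_in(req):
    handler = HANDLERS.get(req.path)
    if handler is None:
        return (404, "not found")
    if req.path in PROTECTED_OPT_IN and not authenticated(req):
        return (401, "login required")
    return handler(req)

# Hardened pattern: every path requires a session unless explicitly public.
def dispatch_default_deny(req):
    handler = HANDLERS.get(req.path)
    if handler is None:
        return (404, "not found")
    if req.path not in PUBLIC and not authenticated(req):
        return (401, "login required")
    return handler(req)

def unauthenticated_exposure(dispatch):
    """Non-public paths that answer an anonymous request with anything but 401."""
    return sorted(p for p in HANDLERS
                  if p not in PUBLIC and dispatch(Request(p))[0] != 401)

if __name__ == "__main__":
    print("opt-in exposure:      ", unauthenticated_exposure(dispatch_opt_in))
    print("default-deny exposure:", unauthenticated_exposure(dispatch_default_deny))
```

Running `unauthenticated_exposure` against every registered handler as a regression test flags a newly added privileged endpoint that was never wired into the authentication path.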

TP-Link also removed a hardcoded cryptographic key (CVE-2025-15605) in the configuration mechanism, which allowed authenticated attackers to decrypt configuration data, modify it, and re-encrypt it.

Additionally, it addressed two command injection vulnerabilities (CVE-2025-15518 and CVE-2025-15519) that allow threat actors with admin privileges to execute arbitrary commands.


The company “strongly” recommended that customers download and install the latest firmware version to block potential attacks exploiting these flaws.

“If you do not take all recommended actions, this vulnerability will remain. TP-Link cannot bear any responsibility for consequences that could have been avoided by following this advisory,” it added.

In September, TP-Link was forced to rush out patches for a zero-day vulnerability affecting multiple router models after failing to release patches following a May 2024 report. The unpatched security flaw allowed attackers to intercept or manipulate unencrypted traffic, reroute DNS queries to malicious servers, and inject malicious payloads into web sessions.

CISA added two other TP-Link flaws (CVE-2023-50224 and CVE-2025-9377) to its Known Exploited Vulnerabilities catalog in September, which the Quad7 botnet has been exploiting to compromise vulnerable routers.

In total, the U.S. cybersecurity agency has flagged six TP-Link vulnerabilities as exploited in attacks, the oldest being a directory traversal vulnerability (CVE-2015-3035) affecting multiple Archer devices.


Texas Attorney General Paxton sued TP-Link Systems in February, accusing the company of deceptively marketing its routers as secure while allowing Chinese state-sponsored hacking groups to exploit firmware vulnerabilities and access users’ devices.
