Vulnerability Details CVE-2025-15605
A hardcoded cryptographic key within the configuration mechanism on TP-Link Archer NX200, NX210, NX500 and NX600 enables decryption and re-encryption of device configuration data. An authenticated attacker may decrypt configuration files, modify them, and re-encrypt them, affecting the confidentiality and integrity of device configuration data.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 4.7%
CVSS Severity
CVSS v3 Score 7.3
References
- https://www.tp-link.com/en/support/download/archer-nx200/#Firmware
- https://www.tp-link.com/en/support/download/archer-nx210/#Firmware
- https://www.tp-link.com/en/support/download/archer-nx500/#Firmware
- https://www.tp-link.com/en/support/download/archer-nx600/#Firmware
- https://www.tp-link.com/us/support/faq/5027/
Products affected by CVE-2025-15605
-
cpe:2.3:h:tp-link:archer_nx200:1.0
-
cpe:2.3:h:tp-link:archer_nx200:2.0
-
cpe:2.3:h:tp-link:archer_nx200:2.20
-
cpe:2.3:h:tp-link:archer_nx200:3.0
-
cpe:2.3:h:tp-link:archer_nx210:2.0
-
cpe:2.3:h:tp-link:archer_nx210:2.20
-
cpe:2.3:h:tp-link:archer_nx210:3.0
-
cpe:2.3:h:tp-link:archer_nx500:1.0
-
cpe:2.3:h:tp-link:archer_nx500:2.0
-
cpe:2.3:h:tp-link:archer_nx600:1.0
-
cpe:2.3:h:tp-link:archer_nx600:2.0
-
cpe:2.3:h:tp-link:archer_nx600:3.0
-
cpe:2.3:o:tp-link:archer_nx200_firmware:*
-
cpe:2.3:o:tp-link:archer_nx210_firmware:*
-
cpe:2.3:o:tp-link:archer_nx500_firmware:*
-
cpe:2.3:o:tp-link:archer_nx600_firmware:*