"A flaw, CVE-2025-15517, allows attackers to exploit a missing authentication check, enabling access to CGI endpoints reserved for logged-in users only."
"CVE-2025-15605 allowed logged-in attackers to abuse the router's cryptographic key to decrypt, modify, and re-encrypt configuration files, giving them control over router settings."
"CVE-2025-15518 and CVE-2025-15519 allow an attacker to execute malicious commands in admin mode, further compromising the security of the router."
"CISA added two more vulnerabilities to its Known Exploited Vulnerability category, bringing the total number of TP-Link flaws flagged to six."
TP-Link addressed multiple critical vulnerabilities in its Archer NX router series, including models NX200, NX210, NX500, and NX600. These flaws enabled attackers to bypass authentication and manipulate routers, risking unauthorized access to connected devices. Security researchers from CISA highlighted these vulnerabilities, urging users to install updates immediately. Key issues included a missing authentication check and the ability to exploit cryptographic keys, allowing attackers to read and modify router settings. Additional vulnerabilities were also flagged, increasing security concerns for users.
Read at TechRepublic
Unable to calculate read time
Collection
[
|
...
]