Description
A missing authentication check in the HTTP server on TP-Link Archer NX200, NX210, NX500 and NX600 to certain cgi endpoints allows unauthenticated access intended for authenticated users. An attacker may perform privileged HTTP actions without authentication, including firmware upload and configuration operations.
Published: 2026-03-23
Score: 8.6 High
EPSS: < 1% Very Low
KEV: No
Impact: Privilege escalation via authentication bypass
Action: Immediate Patch
AI Analysis

Impact

A missing authentication check in the TP‑Link Archer NX series HTTP server creates an authorization bypass (CWE‑306). This flaw allows unauthenticated users to reach CGI endpoints intended for privileged management, enabling actions such as firmware uploads and configuration changes. The resulting compromise can modify device behavior, replace firmware with malicious code, and disrupt network services, affecting confidentiality, integrity, and availability.

Affected Systems

Vulnerable models include TP‑Link Archer NX200 (v1.0 through v3.0), Archer NX210 (v2.0 through v3.0), Archer NX500 (v1.0 v2.0), and Archer NX600 (v1.0 v2.0 v3.0). All affected units expose the susceptible HTTP endpoints in their current firmware.

Risk and Exploitability

The CVSS score of 8.6 marks this as high risk. EPSS is below 1 % and the vulnerability is not listed in CISA’s KEV catalogue, indicating low current exploitation activity. Attackers can exploit it with simple HTTP requests over the local or internet‑facing interface, requiring no credentials. Successful exploitation grants full control over the device, including firmware replacement and configuration manipulation.

Generated by OpenCVE AI on April 1, 2026 at 03:52 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest firmware update released by TP‑Link for each affected model
  • If a patch is not yet available, block external access to the vulnerable CGI endpoints or disable the HTTP management interface from WAN
  • Verify that all management interfaces enforce authentication and use secure channels
  • Monitor router logs for unauthenticated HTTP requests or firmware upload attempts
  • Implement network segmentation to isolate router traffic from critical network segments

Generated by OpenCVE AI on April 1, 2026 at 03:52 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 31 Mar 2026 19:15:00 +0000

Type Values Removed Values Added
First Time appeared Tp-link archer Nx200
Tp-link archer Nx200 Firmware
Tp-link archer Nx210
Tp-link archer Nx210 Firmware
Tp-link archer Nx500
Tp-link archer Nx500 Firmware
Tp-link archer Nx600
Tp-link archer Nx600 Firmware
CPEs cpe:2.3:h:tp-link:archer_nx200:1.0:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:archer_nx200:2.0:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:archer_nx200:2.20:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:archer_nx200:3.0:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:archer_nx210:2.0:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:archer_nx210:2.20:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:archer_nx210:3.0:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:archer_nx500:1.0:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:archer_nx500:2.0:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:archer_nx600:1.0:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:archer_nx600:2.0:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:archer_nx600:3.0:*:*:*:*:*:*:*
cpe:2.3:o:tp-link:archer_nx200_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:tp-link:archer_nx210_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:tp-link:archer_nx500_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:tp-link:archer_nx600_firmware:*:*:*:*:*:*:*:*
Vendors & Products Tp-link archer Nx200
Tp-link archer Nx200 Firmware
Tp-link archer Nx210
Tp-link archer Nx210 Firmware
Tp-link archer Nx500
Tp-link archer Nx500 Firmware
Tp-link archer Nx600
Tp-link archer Nx600 Firmware
Metrics cvssV3_1

{'score': 8.1, 'vector': 'CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N'}

Tue, 24 Mar 2026 10:45:00 +0000

Type Values Removed Values Added
First Time appeared Tp-link
Tp-link archer Nx200 V1.0
Tp-link archer Nx200 V2.0
Tp-link archer Nx200 V2.20
Tp-link archer Nx200 V3.0
Tp-link archer Nx210 V2.0 V2.20
Tp-link archer Nx210 V3.0
Tp-link archer Nx500 V1.0
Tp-link archer Nx500 V2.0
Tp-link archer Nx600 V1.0
Tp-link archer Nx600 V2.0
Tp-link archer Nx600 V3.0
Vendors & Products Tp-link
Tp-link archer Nx200 V1.0
Tp-link archer Nx200 V2.0
Tp-link archer Nx200 V2.20
Tp-link archer Nx200 V3.0
Tp-link archer Nx210 V2.0 V2.20
Tp-link archer Nx210 V3.0
Tp-link archer Nx500 V1.0
Tp-link archer Nx500 V2.0
Tp-link archer Nx600 V1.0
Tp-link archer Nx600 V2.0
Tp-link archer Nx600 V3.0

Mon, 23 Mar 2026 19:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Mon, 23 Mar 2026 18:15:00 +0000

Type Values Removed Values Added
Description A missing authentication check in the HTTP server on TP-Link Archer NX200, NX210, NX500 and NX600 to certain cgi endpoints allows unauthenticated access intended for authenticated users. An attacker may perform privileged HTTP actions without authentication, including firmware upload and configuration operations.
Title Authorization Bypass in HTTP Server Endpoints on TP-Link Archer NX200, NX210, NX500 and NX600
Weaknesses CWE-306
References
Metrics cvssV4_0

{'score': 8.6, 'vector': 'CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N'}

Subscriptions

Tp-link Archer Nx200 Archer Nx200 Firmware Archer Nx200 V1.0 Archer Nx200 V2.0 Archer Nx200 V2.20 Archer Nx200 V3.0 Archer Nx210 Archer Nx210 Firmware Archer Nx210 V2.0 V2.20 Archer Nx210 V3.0 Archer Nx500 Archer Nx500 Firmware Archer Nx500 V1.0 Archer Nx500 V2.0 Archer Nx600 Archer Nx600 Firmware Archer Nx600 V1.0 Archer Nx600 V2.0 Archer Nx600 V3.0
cve-icon MITRE

Status: PUBLISHED

Assigner: TPLink

Published:

Updated: 2026-03-24T03:56:05.005Z

Reserved: 2026-01-13T19:43:48.978Z

Link: CVE-2025-15517

cve-icon Vulnrichment

Updated: 2026-03-23T19:07:19.207Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-23T18:16:22.347

Modified: 2026-03-31T19:08:33.513

Link: CVE-2025-15517

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-02T07:59:28Z

Weaknesses