CVE-2025-15518 - Vulnerability Details

- Command Injection in Wireless Control CLI on TP-Link Archer NX200, NX210, NX500 and NX600

Description

Improper input handling in a wireless-control administrative CLI command on TP-Link Archer NX200, NX210, NX500 and NX600 allows crafted input to be executed as part of an operating system command. An authenticated attacker with administrative privileges may execute arbitrary commands on the operating system, impacting the confidentiality, integrity, and availability of the device.

Published: 2026-03-23

Score: 8.5 High

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

An improper input handling flaw in the wireless‑control administrative command line interface of TP‑Link Archer NX200, NX210, NX500 and NX600 series devices allows crafted input to be executed as part of an operating system command. If an attacker can authenticate as an administrator, they can run arbitrary commands on the device, potentially compromising confidentiality, integrity, and availability of the router and any devices connected to it. The flaw is classified as CWE‑78: Improper Neutralization of Special Elements used in an OS Command.

Affected Systems

The vulnerability affects all firmware variants of the TP‑Link Archer NX200, NX210, NX500 and NX600 models listed by the CNA, including versions 1.0 through 3.0. No specific unaffected versions are indicated in the data.

Risk and Exploitability

The CVSS score of 8.5 indicates a high severity, while an EPSS score of less than 1% suggests a low probability of immediate exploitation. The flaw requires authenticated administrator access and is not currently listed in the CISA KEV catalog, but once privileged access is achieved the attacker can gain full control over the device, affecting all aspects of confidentiality, integrity, and availability.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

TP-Link Systems Inc.

Archer NX600 v3.0

unaffected

Version	Status	Constraints
`0`	affected	< 1.3.0 Build 260309

TP-Link Systems Inc.

Archer NX600 v2.0

unaffected

Version	Status	Constraints
`0`	affected	< 1.3.0 Build 260311

TP-Link Systems Inc.

Archer NX600 v1.0

unaffected

Version	Status	Constraints
`0`	affected	< 1.4.0 Build 260311

TP-Link Systems Inc.

Archer NX500 v2.0

unaffected

Version	Status	Constraints
`0`	affected	< < 1.5.0 Build 260309

TP-Link Systems Inc.

Archer NX500 v1.0

unaffected

Version	Status	Constraints
`0`	affected	< 1.3.0 Build 260311

TP-Link Systems Inc.

Archer NX210 v3.0

unaffected

Version	Status	Constraints
`0`	affected	< 1.3.0 Build 260309

TP-Link Systems Inc.

Archer NX210 v2.0 v2.20

unaffected

Version	Status	Constraints
`0`	affected	< 1.3.0 Build 260311

TP-Link Systems Inc.

Archer NX200 v3.0

unaffected

Version	Status	Constraints
`0`	affected	< < 1.3.0 Build 260309

TP-Link Systems Inc.

Archer NX200 v2.20

unaffected

Version	Status	Constraints
`0`	affected	< 1.3.0 Build 260311

TP-Link Systems Inc.

Archer NX200 v2.0

unaffected

Version	Status	Constraints
`0`	affected	< 1.3.0 Build 260311

TP-Link Systems Inc.

Archer NX200 v1.0

unaffected

Version	Status	Constraints
`0`	affected	< 1.8.0 Build 260311

Configuration 1 [-]

AND

cpe:2.3:o:tp-link:archer_nx600_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:tp-link:archer_nx600:3.0:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:tp-link:archer_nx500_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:tp-link:archer_nx500:2.0:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:tp-link:archer_nx210_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:tp-link:archer_nx210:3.0:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:tp-link:archer_nx200_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:tp-link:archer_nx200:3.0:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:tp-link:archer_nx600_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:tp-link:archer_nx600:2.0:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:tp-link:archer_nx600_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:tp-link:archer_nx600:1.0:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:tp-link:archer_nx500_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:tp-link:archer_nx500:1.0:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:tp-link:archer_nx210_firmware:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:tp-link:archer_nx210:2.0:::::::*
	cpe:2.3:h:tp-link:archer_nx210:2.20:::::::*

Configuration 9 [-]

AND

cpe:2.3:o:tp-link:archer_nx200_firmware:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:tp-link:archer_nx200:2.0:::::::*
	cpe:2.3:h:tp-link:archer_nx200:2.20:::::::*

Configuration 10 [-]

AND

cpe:2.3:o:tp-link:archer_nx200_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:tp-link:archer_nx200:1.0:*:*:*:*:*:*:*

No data.

Vendor Product Confidence Versions

Tp-link

Archer Nx200 V1.0

100%

Version	Status	Scheme	Platform
`[0,1.8.0 Build 260311)`	affected	generic	['linux']

Tp-link

Archer Nx200 V2.0

100%

Version	Status	Scheme	Platform
`[0,1.3.0 Build 260311)`	affected	generic	['linux']

Tp-link

Archer Nx200 V2.20

100%

Version	Status	Scheme	Platform
`[0,1.3.0 Build 260311)`	affected	generic	['linux']

Tp-link

Archer Nx200 V3.0

100%

Version	Status	Scheme	Platform
`[0,< 1.3.0 Build 260309)`	affected	generic	['linux']

Tp-link

Archer Nx210 V2.0 V2.20

100%

Version	Status	Scheme	Platform
`[0,1.3.0 Build 260311)`	affected	generic	['linux']

Tp-link

Archer Nx210 V3.0

100%

Version	Status	Scheme	Platform
`[0,1.3.0 Build 260309)`	affected	generic	['linux']

Tp-link

Archer Nx500 V1.0

100%

Version	Status	Scheme	Platform
`[0,1.3.0 Build 260311)`	affected	generic	['linux']

Tp-link

Archer Nx500 V2.0

100%

Version	Status	Scheme	Platform
`[0,< 1.5.0 Build 260309)`	affected	generic	['linux']

Tp-link

Archer Nx600 V1.0

100%

Version	Status	Scheme	Platform
`[0,1.4.0 Build 260311)`	affected	generic	['linux']

Tp-link

Archer Nx600 V2.0

100%

Version	Status	Scheme	Platform
`[0,1.3.0 Build 260311)`	affected	generic	['linux']

Tp-link

Archer Nx600 V3.0

100%

Version	Status	Scheme	Platform
`[0,1.3.0 Build 260309)`	affected	generic	['linux']

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Upgrade all Archer NX200, NX210, NX500, and NX600 firmware to the latest versions released by TP‑Link.
If an upgrade cannot be applied immediately, limit access to the wireless‑control administrative CLI to trusted administrators only.
Configure strict logging and monitor device logs for any unexpected command execution.
Ensure default administrative credentials are changed and enforce strong passwords.
Segment the network to isolate wireless‑control devices from critical infrastructure.

Generated by OpenCVE AI on April 1, 2026 at 03:25 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required High

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00102.

Exploitation none

Automatable no

Technical Impact total

References

Link	Providers
https://www.tp-link.com/en/support/download/archer-nx200/#Firmware
https://www.tp-link.com/en/support/download/archer-nx210/#Firmware
https://www.tp-link.com/en/support/download/archer-nx500/#Firmware
https://www.tp-link.com/en/support/download/archer-nx600/#Firmware
https://www.tp-link.com/us/support/faq/5027/

History

Tue, 31 Mar 2026 19:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Tp-link archer Nx200 Tp-link archer Nx200 Firmware Tp-link archer Nx210 Tp-link archer Nx210 Firmware Tp-link archer Nx500 Tp-link archer Nx500 Firmware Tp-link archer Nx600 Tp-link archer Nx600 Firmware
CPEs		cpe:2.3:h:tp-link:archer_nx200:1.0:::::::* cpe:2.3:h:tp-link:archer_nx200:2.0:::::::* cpe:2.3:h:tp-link:archer_nx200:2.20:::::::* cpe:2.3:h:tp-link:archer_nx200:3.0:::::::* cpe:2.3:h:tp-link:archer_nx210:2.0:::::::* cpe:2.3:h:tp-link:archer_nx210:2.20:::::::* cpe:2.3:h:tp-link:archer_nx210:3.0:::::::* cpe:2.3:h:tp-link:archer_nx500:1.0:::::::* cpe:2.3:h:tp-link:archer_nx500:2.0:::::::* cpe:2.3:h:tp-link:archer_nx600:1.0:::::::* cpe:2.3:h:tp-link:archer_nx600:2.0:::::::* cpe:2.3:h:tp-link:archer_nx600:3.0:::::::* cpe:2.3:o:tp-link:archer_nx200_firmware:::::::: cpe:2.3:o:tp-link:archer_nx210_firmware:::::::: cpe:2.3:o:tp-link:archer_nx500_firmware:::::::: cpe:2.3:o:tp-link:archer_nx600_firmware::::::::
Vendors & Products		Tp-link archer Nx200 Tp-link archer Nx200 Firmware Tp-link archer Nx210 Tp-link archer Nx210 Firmware Tp-link archer Nx500 Tp-link archer Nx500 Firmware Tp-link archer Nx600 Tp-link archer Nx600 Firmware
Metrics		cvssV3_1 `{'score': 7.2, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H'}`

Tue, 24 Mar 2026 10:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Tp-link Tp-link archer Nx200 V1.0 Tp-link archer Nx200 V2.0 Tp-link archer Nx200 V2.20 Tp-link archer Nx200 V3.0 Tp-link archer Nx210 V2.0 V2.20 Tp-link archer Nx210 V3.0 Tp-link archer Nx500 V1.0 Tp-link archer Nx500 V2.0 Tp-link archer Nx600 V1.0 Tp-link archer Nx600 V2.0 Tp-link archer Nx600 V3.0
Vendors & Products		Tp-link Tp-link archer Nx200 V1.0 Tp-link archer Nx200 V2.0 Tp-link archer Nx200 V2.20 Tp-link archer Nx200 V3.0 Tp-link archer Nx210 V2.0 V2.20 Tp-link archer Nx210 V3.0 Tp-link archer Nx500 V1.0 Tp-link archer Nx500 V2.0 Tp-link archer Nx600 V1.0 Tp-link archer Nx600 V2.0 Tp-link archer Nx600 V3.0

Mon, 23 Mar 2026 19:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Mon, 23 Mar 2026 18:15:00 +0000

Type	Values Removed	Values Added
Description		Improper input handling in a wireless-control administrative CLI command on TP-Link Archer NX200, NX210, NX500 and NX600 allows crafted input to be executed as part of an operating system command. An authenticated attacker with administrative privileges may execute arbitrary commands on the operating system, impacting the confidentiality, integrity, and availability of the device.
Title		Command Injection in Wireless Control CLI on TP-Link Archer NX200, NX210, NX500 and NX600
Weaknesses		CWE-78
References		https://www.tp-link.com/en/support/download/archer-nx200/#Firmware https://www.tp-link.com/en/support/download/archer-nx210/#Firmware https://www.tp-link.com/en/support/download/archer-nx500/#Firmware https://www.tp-link.com/en/support/download/archer-nx600/#Firmware https://www.tp-link.com/us/support/faq/5027/
Metrics		cvssV4_0 `{'score': 8.5, 'vector': 'CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}`

Subscriptions

Tp-link Archer Nx200 Archer Nx200 Firmware Archer Nx200 V1.0 Archer Nx200 V2.0 Archer Nx200 V2.20 Archer Nx200 V3.0 Archer Nx210 Archer Nx210 Firmware Archer Nx210 V2.0 V2.20 Archer Nx210 V3.0 Archer Nx500 Archer Nx500 Firmware Archer Nx500 V1.0 Archer Nx500 V2.0 Archer Nx600 Archer Nx600 Firmware Archer Nx600 V1.0 Archer Nx600 V2.0 Archer Nx600 V3.0

MITRE

Status: PUBLISHED

Assigner: TPLink

Published: 2026-03-23T18:01:39.070Z

Updated: 2026-03-24T03:55:59.756Z

Reserved: 2026-01-13T19:45:14.017Z

Link: CVE-2025-15518

Vulnrichment

Updated: 2026-03-23T19:07:21.303Z

NVD

Status : Analyzed

Published: 2026-03-23T18:16:23.630

Modified: 2026-03-31T19:05:01.927

Link: CVE-2025-15518

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-02T07:59:27Z

Weaknesses

CWE-78

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required High

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact total

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object