Description
Improper input handling in a modem-management administrative CLI command on TP-Link Archer NX200, NX210, NX500 and NX600 allows crafted input to be executed as part of an operating system command. An authenticated attacker with administrative privileges may execute arbitrary commands on the operating system, impacting the confidentiality, integrity, and availability of the device.
Published: 2026-03-23
Score: 8.5 High
EPSS: < 1% Very Low
KEV: No
Impact: Arbitrary operating system command execution
Action: Apply Patch
AI Analysis

Impact

The vulnerability arises from improper sanitization of input in a modem‑management administrative CLI command. An attacker who is already authenticated with administrative privileges can supply specially crafted data that is passed directly to the underlying operating system shell. This results in arbitrary OS command execution, which can lead to compromise of confidentiality, integrity and availability of the device.

Affected Systems

The affected devices are TP‑Link Archer series models manufactured by TP‑Link Systems Inc. The vulnerable firmware versions are Archer NX200 v1.0, v2.0, v2.20 and v3.0; Archer NX210 v2.0, v2.20 and v3.0; Archer NX500 v1.0 and v2.0; and Archer NX600 v1.0, v2.0 and v3.0. Firmware updates or newer releases beyond these versions are not listed as affected.

Risk and Exploitability

The CVSS v4.0 score of 8.5 signals high severity. The EPSS score of less than 1% indicates that exploitation likelihood is presently low, and the vulnerability is not catalogued in CISA’s KEV list. Because the flaw requires local or remote access to the modem management CLI with administrative rights, an attacker who has gained control of the local network or obtained credentials could execute arbitrary commands, compromising system integrity and potentially allowing further lateral movement. Organizations should assess whether their networks expose the management interface to untrusted networks and enforce strict access controls.

Generated by OpenCVE AI on April 1, 2026 at 03:25 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the firmware on all affected TP‑Link Archer NX200, NX210, NX500, and NX600 devices to the latest version available from TP‑Link support pages.
  • If an update is not yet available, disable or lock down remote access to the modem‑management CLI and limit administrative credentials to trusted personnel.
  • Continuously monitor device logs for unexpected command execution and configure alerts for anomalous activity.



Advisories

No advisories yet.

History

Tue, 31 Mar 2026 19:15:00 +0000

Values added, by type:

First Time appeared:
  • Tp-link archer Nx200
  • Tp-link archer Nx200 Firmware
  • Tp-link archer Nx210
  • Tp-link archer Nx210 Firmware
  • Tp-link archer Nx500
  • Tp-link archer Nx500 Firmware
  • Tp-link archer Nx600
  • Tp-link archer Nx600 Firmware

CPEs:
  • cpe:2.3:h:tp-link:archer_nx200:1.0:*:*:*:*:*:*:*
  • cpe:2.3:h:tp-link:archer_nx200:2.0:*:*:*:*:*:*:*
  • cpe:2.3:h:tp-link:archer_nx200:2.20:*:*:*:*:*:*:*
  • cpe:2.3:h:tp-link:archer_nx200:3.0:*:*:*:*:*:*:*
  • cpe:2.3:h:tp-link:archer_nx210:2.0:*:*:*:*:*:*:*
  • cpe:2.3:h:tp-link:archer_nx210:2.20:*:*:*:*:*:*:*
  • cpe:2.3:h:tp-link:archer_nx210:3.0:*:*:*:*:*:*:*
  • cpe:2.3:h:tp-link:archer_nx500:1.0:*:*:*:*:*:*:*
  • cpe:2.3:h:tp-link:archer_nx500:2.0:*:*:*:*:*:*:*
  • cpe:2.3:h:tp-link:archer_nx600:1.0:*:*:*:*:*:*:*
  • cpe:2.3:h:tp-link:archer_nx600:2.0:*:*:*:*:*:*:*
  • cpe:2.3:h:tp-link:archer_nx600:3.0:*:*:*:*:*:*:*
  • cpe:2.3:o:tp-link:archer_nx200_firmware:*:*:*:*:*:*:*:*
  • cpe:2.3:o:tp-link:archer_nx210_firmware:*:*:*:*:*:*:*:*
  • cpe:2.3:o:tp-link:archer_nx500_firmware:*:*:*:*:*:*:*:*
  • cpe:2.3:o:tp-link:archer_nx600_firmware:*:*:*:*:*:*:*:*

Vendors & Products:
  • Tp-link archer Nx200
  • Tp-link archer Nx200 Firmware
  • Tp-link archer Nx210
  • Tp-link archer Nx210 Firmware
  • Tp-link archer Nx500
  • Tp-link archer Nx500 Firmware
  • Tp-link archer Nx600
  • Tp-link archer Nx600 Firmware

Metrics (cvssV3_1): {'score': 7.2, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H'}


Tue, 24 Mar 2026 10:45:00 +0000

Values added, by type:

First Time appeared:
  • Tp-link
  • Tp-link archer Nx200 V1.0
  • Tp-link archer Nx200 V2.0
  • Tp-link archer Nx200 V2.20
  • Tp-link archer Nx200 V3.0
  • Tp-link archer Nx210 V2.0 V2.20
  • Tp-link archer Nx210 V3.0
  • Tp-link archer Nx500 V1.0
  • Tp-link archer Nx500 V2.0
  • Tp-link archer Nx600 V1.0
  • Tp-link archer Nx600 V2.0
  • Tp-link archer Nx600 V3.0

Vendors & Products:
  • Tp-link
  • Tp-link archer Nx200 V1.0
  • Tp-link archer Nx200 V2.0
  • Tp-link archer Nx200 V2.20
  • Tp-link archer Nx200 V3.0
  • Tp-link archer Nx210 V2.0 V2.20
  • Tp-link archer Nx210 V3.0
  • Tp-link archer Nx500 V1.0
  • Tp-link archer Nx500 V2.0
  • Tp-link archer Nx600 V1.0
  • Tp-link archer Nx600 V2.0
  • Tp-link archer Nx600 V3.0

Mon, 23 Mar 2026 19:15:00 +0000

Values added, by type:

Metrics (ssvc): {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Mon, 23 Mar 2026 18:15:00 +0000

Values added, by type:

Description: Improper input handling in a modem-management administrative CLI command on TP-Link Archer NX200, NX210, NX500 and NX600 allows crafted input to be executed as part of an operating system command. An authenticated attacker with administrative privileges may execute arbitrary commands on the operating system, impacting the confidentiality, integrity, and availability of the device.

Title: Command Injection in Modem Management CLI on TP-Link Archer NX200, NX210, NX500 and NX600

Weaknesses: CWE-78

References:

Metrics (cvssV4_0): {'score': 8.5, 'vector': 'CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: TPLink

Published:

Updated: 2026-03-24T03:56:00.901Z

Reserved: 2026-01-13T19:45:17.342Z

Link: CVE-2025-15519

Vulnrichment

Updated: 2026-03-23T19:07:23.210Z

NVD

Status: Analyzed

Published: 2026-03-23T18:16:23.840

Modified: 2026-03-31T19:04:48.637

Link: CVE-2025-15519

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-02T07:59:26Z

Weaknesses