CVE-2025-15605 - Vulnerability Details

- Hardcoded Cryptographic Key in Configuration Encryption Mechanism on TP-Link Archer NX200, NX210, NX500 and NX600

Description

A hardcoded cryptographic key within the configuration mechanism on TP-Link Archer NX200, NX210, NX500 and NX600 enables decryption and re-encryption of device configuration data. An authenticated attacker may decrypt configuration files, modify them, and re-encrypt them, affecting the confidentiality and integrity of device configuration data.

Published: 2026-03-23

Score: 8.5 High

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

A hard‑coded cryptographic key embedded in the firmware’s configuration encryption routine allows anyone with device credentials to decrypt, alter, and re‑encrypt configuration data. The flaw exposes both the confidentiality of stored settings and the integrity of configuration controls, meaning an authenticated attacker can modify routing tables, firewall rules, or other critical parameters without needing to compromise the underlying hardware. The static key weakness is classified as CWE‑321 and CWE‑798.

Affected Systems

The vulnerability affects TP‑Link Archer routers across several models: Archer NX200 versions 1.0, 2.0, 2.20, and 3.0; Archer NX210 versions 2.0, 2.20, and 3.0; Archer NX500 versions 1.0 and 2.0; and Archer NX600 versions 1.0, 2.0, and 3.0. All listed firmware releases from these devices are impacted.

Risk and Exploitability

The CVSS base score of 8.5 indicates a high‑severity flaw, yet the EPSS score is below 1%, suggesting that automated exploitation is unlikely but not impossible. The vulnerability is not currently cataloged in CISA’s KEV list. Because it requires authentication, an attacker must first obtain valid user credentials or take advantage of a local management interface, making the risk contingent on device access controls. Once authenticated, the attacker can tamper with configuration data, potentially redirecting traffic, disabling security features, or creating persistence mechanisms within the router.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

TP-Link Systems Inc.

Archer NX600 v3.0

unaffected

Version	Status	Constraints
`0`	affected	< 1.3.0 Build 260309

TP-Link Systems Inc.

Archer NX600 v2.0

unaffected

Version	Status	Constraints
`0`	affected	< 1.3.0 Build 260311

TP-Link Systems Inc.

Archer NX600 v1.0

unaffected

Version	Status	Constraints
`0`	affected	< 1.4.0 Build 260311

TP-Link Systems Inc.

Archer NX500 v2.0

unaffected

Version	Status	Constraints
`0`	affected	< < 1.5.0 Build 260309

TP-Link Systems Inc.

Archer NX500 v1.0

unaffected

Version	Status	Constraints
`0`	affected	< 1.3.0 Build 260311

TP-Link Systems Inc.

Archer NX210 v3.0

unaffected

Version	Status	Constraints
`0`	affected	< 1.3.0 Build 260309

TP-Link Systems Inc.

Archer NX210 v2.0 v2.20

unaffected

Version	Status	Constraints
`0`	affected	< 1.3.0 Build 260311

TP-Link Systems Inc.

Archer NX200 v3.0

unaffected

Version	Status	Constraints
`0`	affected	< < 1.3.0 Build 260309

TP-Link Systems Inc.

Archer NX200 v2.20

unaffected

Version	Status	Constraints
`0`	affected	< 1.3.0 Build 260311

TP-Link Systems Inc.

Archer NX200 v2.0

unaffected

Version	Status	Constraints
`0`	affected	< 1.3.0 Build 260311

TP-Link Systems Inc.

Archer NX200 v1.0

unaffected

Version	Status	Constraints
`0`	affected	< 1.8.0 Build 260311

Configuration 1 [-]

AND

cpe:2.3:o:tp-link:archer_nx600_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:tp-link:archer_nx600:3.0:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:tp-link:archer_nx500_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:tp-link:archer_nx500:2.0:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:tp-link:archer_nx210_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:tp-link:archer_nx210:3.0:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:tp-link:archer_nx200_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:tp-link:archer_nx200:3.0:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:tp-link:archer_nx600_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:tp-link:archer_nx600:2.0:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:tp-link:archer_nx600_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:tp-link:archer_nx600:1.0:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:tp-link:archer_nx500_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:tp-link:archer_nx500:1.0:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:tp-link:archer_nx210_firmware:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:tp-link:archer_nx210:2.0:::::::*
	cpe:2.3:h:tp-link:archer_nx210:2.20:::::::*

Configuration 9 [-]

AND

cpe:2.3:o:tp-link:archer_nx200_firmware:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:tp-link:archer_nx200:2.0:::::::*
	cpe:2.3:h:tp-link:archer_nx200:2.20:::::::*

Configuration 10 [-]

AND

cpe:2.3:o:tp-link:archer_nx200_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:tp-link:archer_nx200:1.0:*:*:*:*:*:*:*

No data.

Vendor Product Confidence Versions

Tp-link

Archer Nx200 V1.0

100%

Version	Status	Scheme	Platform
`[0,1.8.0 Build 260311)`	affected	generic	['linux']

Tp-link

Archer Nx200 V2.0

100%

Version	Status	Scheme	Platform
`[0,1.3.0 Build 260311)`	affected	generic	['linux']

Tp-link

Archer Nx200 V2.20

100%

Version	Status	Scheme	Platform
`[0,1.3.0 Build 260311)`	affected	generic	['linux']

Tp-link

Archer Nx200 V3.0

100%

Version	Status	Scheme	Platform
`[0,1.3.0 Build 260309)`	affected	generic	['linux']

Tp-link

Archer Nx210 V2.0 V2.20

100%

Version	Status	Scheme	Platform
`[0,1.3.0 Build 260311)`	affected	generic	['linux']

Tp-link

Archer Nx210 V3.0

100%

Version	Status	Scheme	Platform
`[0,1.3.0 Build 260309)`	affected	generic	['linux']

Tp-link

Archer Nx500 V1.0

100%

Version	Status	Scheme	Platform
`[0,1.3.0 Build 260311)`	affected	generic	['linux']

Tp-link

Archer Nx500 V2.0

100%

Version	Status	Scheme	Platform
`[0,1.5.0 Build 260309)`	affected	generic	['linux']

Tp-link

Archer Nx600 V1.0

100%

Version	Status	Scheme	Platform
`[0,1.4.0 Build 260311)`	affected	generic	['linux']

Tp-link

Archer Nx600 V2.0

100%

Version	Status	Scheme	Platform
`[0,1.3.0 Build 260311)`	affected	generic	['linux']

Tp-link

Archer Nx600 V3.0

100%

Version	Status	Scheme	Platform
`[0,1.3.0 Build 260309)`	affected	generic	['linux']

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Apply the latest firmware updates provided by TP‑Link for the affected Archer NX200, NX210, NX500, and NX600 models.
Verify that device credentials are changed from defaults and that strong, unique passwords are used.
If remote management is not required, disable it to limit attack surface.
Monitor device logs for unusual configuration changes and consider employing a network segmentation or firewall to reduce the impact of compromised routers.

Generated by OpenCVE AI on April 1, 2026 at 03:24 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required Low

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00024.

Exploitation none

Automatable no

Technical Impact total

References

Link	Providers
https://www.tp-link.com/en/support/download/archer-nx200/#Firmware
https://www.tp-link.com/en/support/download/archer-nx210/#Firmware
https://www.tp-link.com/en/support/download/archer-nx500/#Firmware
https://www.tp-link.com/en/support/download/archer-nx600/#Firmware
https://www.tp-link.com/us/support/faq/5027/

History

Tue, 31 Mar 2026 19:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Tp-link archer Nx200 Tp-link archer Nx200 Firmware Tp-link archer Nx210 Tp-link archer Nx210 Firmware Tp-link archer Nx500 Tp-link archer Nx500 Firmware Tp-link archer Nx600 Tp-link archer Nx600 Firmware
Weaknesses		CWE-798
CPEs		cpe:2.3:h:tp-link:archer_nx200:1.0:::::::* cpe:2.3:h:tp-link:archer_nx200:2.0:::::::* cpe:2.3:h:tp-link:archer_nx200:2.20:::::::* cpe:2.3:h:tp-link:archer_nx200:3.0:::::::* cpe:2.3:h:tp-link:archer_nx210:2.0:::::::* cpe:2.3:h:tp-link:archer_nx210:2.20:::::::* cpe:2.3:h:tp-link:archer_nx210:3.0:::::::* cpe:2.3:h:tp-link:archer_nx500:1.0:::::::* cpe:2.3:h:tp-link:archer_nx500:2.0:::::::* cpe:2.3:h:tp-link:archer_nx600:1.0:::::::* cpe:2.3:h:tp-link:archer_nx600:2.0:::::::* cpe:2.3:h:tp-link:archer_nx600:3.0:::::::* cpe:2.3:o:tp-link:archer_nx200_firmware:::::::: cpe:2.3:o:tp-link:archer_nx210_firmware:::::::: cpe:2.3:o:tp-link:archer_nx500_firmware:::::::: cpe:2.3:o:tp-link:archer_nx600_firmware::::::::
Vendors & Products		Tp-link archer Nx200 Tp-link archer Nx200 Firmware Tp-link archer Nx210 Tp-link archer Nx210 Firmware Tp-link archer Nx500 Tp-link archer Nx500 Firmware Tp-link archer Nx600 Tp-link archer Nx600 Firmware
Metrics		cvssV3_1 `{'score': 7.3, 'vector': 'CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N'}`

Tue, 24 Mar 2026 10:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Tp-link Tp-link archer Nx200 V1.0 Tp-link archer Nx200 V2.0 Tp-link archer Nx200 V2.20 Tp-link archer Nx200 V3.0 Tp-link archer Nx210 V2.0 V2.20 Tp-link archer Nx210 V3.0 Tp-link archer Nx500 V1.0 Tp-link archer Nx500 V2.0 Tp-link archer Nx600 V1.0 Tp-link archer Nx600 V2.0 Tp-link archer Nx600 V3.0
Vendors & Products		Tp-link Tp-link archer Nx200 V1.0 Tp-link archer Nx200 V2.0 Tp-link archer Nx200 V2.20 Tp-link archer Nx200 V3.0 Tp-link archer Nx210 V2.0 V2.20 Tp-link archer Nx210 V3.0 Tp-link archer Nx500 V1.0 Tp-link archer Nx500 V2.0 Tp-link archer Nx600 V1.0 Tp-link archer Nx600 V2.0 Tp-link archer Nx600 V3.0

Mon, 23 Mar 2026 19:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Mon, 23 Mar 2026 18:15:00 +0000

Type	Values Removed	Values Added
Description		A hardcoded cryptographic key within the configuration mechanism on TP-Link Archer NX200, NX210, NX500 and NX600 enables decryption and re-encryption of device configuration data. An authenticated attacker may decrypt configuration files, modify them, and re-encrypt them, affecting the confidentiality and integrity of device configuration data.
Title		Hardcoded Cryptographic Key in Configuration Encryption Mechanism on TP-Link Archer NX200, NX210, NX500 and NX600
Weaknesses		CWE-321
References		https://www.tp-link.com/en/support/download/archer-nx200/#Firmware https://www.tp-link.com/en/support/download/archer-nx210/#Firmware https://www.tp-link.com/en/support/download/archer-nx500/#Firmware https://www.tp-link.com/en/support/download/archer-nx600/#Firmware https://www.tp-link.com/us/support/faq/5027/
Metrics		cvssV4_0 `{'score': 8.5, 'vector': 'CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N'}`

Subscriptions

Tp-link Archer Nx200 Archer Nx200 Firmware Archer Nx200 V1.0 Archer Nx200 V2.0 Archer Nx200 V2.20 Archer Nx200 V3.0 Archer Nx210 Archer Nx210 Firmware Archer Nx210 V2.0 V2.20 Archer Nx210 V3.0 Archer Nx500 Archer Nx500 Firmware Archer Nx500 V1.0 Archer Nx500 V2.0 Archer Nx600 Archer Nx600 Firmware Archer Nx600 V1.0 Archer Nx600 V2.0 Archer Nx600 V3.0

MITRE

Status: PUBLISHED

Assigner: TPLink

Published: 2026-03-23T18:02:01.109Z

Updated: 2026-03-24T03:56:03.860Z

Reserved: 2026-03-09T17:31:03.466Z

Link: CVE-2025-15605

Vulnrichment

Updated: 2026-03-23T19:07:25.221Z

NVD

Status : Analyzed

Published: 2026-03-23T18:16:24.067

Modified: 2026-03-31T19:04:37.933

Link: CVE-2025-15605

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-02T07:59:25Z

Weaknesses

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required Low

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact None

User Interaction None

Exploitation none

Automatable no

Technical Impact total

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object