CVE-2025-15519
HIGHCommand Injection in Modem Management CLI on TP-Link Archer NX200, NX210, NX500 and NX600
Title source: cnaDescription
Improper input handling in a modem-management administrative CLI command on TP-Link Archer NX200, NX210, NX500 and NX600 allows crafted input to be executed as part of an operating system command. An authenticated attacker with administrative privileges may execute arbitrary commands on the operating system, impacting the confidentiality, integrity, and availability of the device.
References (5)
Core 5
Core References
Vendor Advisory vendor-advisory
https://www.tp-link.com/us/support/faq/5027/
Scores
CVSS v3
7.2
EPSS
0.0008
EPSS Percentile
24.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-78
Status
published
Products (15)
tp-link/archer_nx200_firmware
< 1.3.0
tp-link/archer_nx210_firmware
< 1.3.0
tp-link/archer_nx500_firmware
< 1.5.0
tp-link/archer_nx600_firmware
< 1.3.0
TP-Link Systems Inc./Archer NX200 v1.0
< 1.8.0 Build 260311
TP-Link Systems Inc./Archer NX200 v2.0
< 1.3.0 Build 260311
TP-Link Systems Inc./Archer NX200 v2.20
< 1.3.0 Build 260311
TP-Link Systems Inc./Archer NX200 v3.0
< < 1.3.0 Build 260309
TP-Link Systems Inc./Archer NX210 v2.0 v2.20
< 1.3.0 Build 260311
TP-Link Systems Inc./Archer NX210 v3.0
< 1.3.0 Build 260309
... and 5 more
Published
Mar 23, 2026
Tracked Since
Mar 24, 2026