CVE-2025-15605

HIGH

Hardcoded Cryptographic Key in Configuration Encryption Mechanism on TP-Link Archer NX200, NX210, NX500 and NX600

Title source: cna

Description

A hardcoded cryptographic key within the configuration mechanism on TP-Link Archer NX200, NX210, NX500 and NX600 enables decryption and re-encryption of device configuration data. An authenticated attacker may decrypt configuration files, modify them, and re-encrypt them, affecting the confidentiality and integrity of device configuration data.

References (5)

[Vendor Advisory] https://www.tp-link.com/us/support/faq/5027/

[Patch] https://www.tp-link.com/en/support/download/archer-nx200/#Firmware

[Patch] https://www.tp-link.com/en/support/download/archer-nx210/#Firmware

[Patch] https://www.tp-link.com/en/support/download/archer-nx500/#Firmware

[Patch] https://www.tp-link.com/en/support/download/archer-nx600/#Firmware

Scores

CVSS v3 7.3

EPSS 0.0003

EPSS Percentile 10.0%

Attack Vector ADJACENT_NETWORK

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-321 CWE-798

Status published

Products (15)

tp-link/archer_nx200_firmware < 1.3.0

tp-link/archer_nx210_firmware < 1.3.0

tp-link/archer_nx500_firmware < 1.5.0

tp-link/archer_nx600_firmware < 1.3.0

TP-Link Systems Inc./Archer NX200 v1.0 < 1.8.0 Build 260311

TP-Link Systems Inc./Archer NX200 v2.0 < 1.3.0 Build 260311

TP-Link Systems Inc./Archer NX200 v2.20 < 1.3.0 Build 260311

TP-Link Systems Inc./Archer NX200 v3.0 < < 1.3.0 Build 260309

TP-Link Systems Inc./Archer NX210 v2.0 v2.20 < 1.3.0 Build 260311

TP-Link Systems Inc./Archer NX210 v3.0 < 1.3.0 Build 260309

... and 5 more

Published Mar 23, 2026

Tracked Since Mar 24, 2026