Improper Input Handling in TP-Link Archer Routers
CVE-2025-15518

8.5 HIGH

What is CVE-2025-15518?

TP-Link Archer NX200, NX210, NX500, and NX600 routers improperly handle input in a wireless-control administrative CLI command, allowing authenticated attackers with administrative privileges to execute arbitrary operating system commands through crafted input. The flaw poses significant risks to device confidentiality, integrity, and availability.

Affected Version(s)

Archer NX200 v1.0 (Linux): versions before 1.8.0 Build 260311

Archer NX200 v2.0 (Linux): versions before 1.3.0 Build 260311

Archer NX200 v2.20 (Linux): versions before 1.3.0 Build 260311

CVSS V4

Score: 8.5
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Adjacent Network
Attack Complexity: Low
Attack Requirements: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Saifeldeen Aziz from Cyshield.