Hard-coded Credentials in TP-Link Archer C50 and Versions by TP-Link
CVE-2025-6982

6.9MEDIUM

Key Information:

Vendor

Tp-link Systems Inc.

Status
Archer C50 V3
Archer C50 V4
Archer C50 V5
Archer C20 V5
Vendor
CVE Published:
16 July 2025

What is CVE-2025-6982?

A vulnerability exists in the TP-Link Archer C50 router models where hard-coded credentials can be exploited to decrypt sensitive configuration files, such as config.xml. This flaw potentially allows unauthorized users to gain access to network configurations and sensitive information, undermining the security of the devices.

Affected Version(s)

Archer C20 V5 0

Archer C20 V5 0

Archer C50 V3 0 <= 180703

References

https://www.tp-link.com/us/support/faq/4538/
vendor-advisory
https://www.tp-link.com/us/support/download/archer-c20/v5...
patch
https://www.tp-link.com/en/support/download/archer-c20/v5...
patch

CVSS V4

Score:
6.9
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
None
Attack Vector:
Adjacent Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.