CVE-2025-15551
5.9
CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:P/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N
Summary
The response coming from TP-Link Archer MR200 v5.2, C20 v5 and v6, TL-WR850N v3, and TL-WR845N v4 for any request is getting executed by the JavaScript function like eval directly without any check. Attackers can exploit this vulnerability via a Man-in-the-Middle (MitM) attack to execute JavaScript code on the router's admin web portal without the user's permission or knowledge.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| TP-Link Systems Inc. | Archer MR200 v5.2 | 0 < 1.2.0 Build 250917 Rel.51746 | affected |
| TP-Link Systems Inc. | Archer C20 v6 | 0 < 0.9.1 4.19 v0001.0 Build 250630 Rel.56583n | affected |
| TP Link Systems Inc. | TL-WR850N v3 | 0 < 3.16.0 0.9.1 v6031.0 Build 251205 Rel.22089n | affected |
| TP Link Systems Inc. | TL-WR845N v4 | 0 < 0.9.1 3.19 Build 251031 rel33710 | affected |
| TP-Link Systems Inc. | Archer C20 v5 | 0 < US_V5_260419 | affected |
| TP-Link Systems Inc. | Archer C20 v5 | 0 < EU_V5_260317 | affected |
Weaknesses
- CWE-95: CWE-95 Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
- https://www.tp-link.com/en/support/download/archer-mr200/v5.20/#Firmware
- https://www.tp-link.com/en/support/download/archer-c20/v6/#Firmware
- https://www.tp-link.com/in/support/download/tl-wr850n/#Firmware
- https://www.tp-link.com/en/support/download/tl-wr845n/#Firmware
- https://www.tp-link.com/in/support/download/archer-mr200/v5.20/#Firmware
- https://www.tp-link.com/in/support/download/archer-c20/v6/#Firmware
- https://www.tp-link.com/in/support/download/tl-wr845n/#Firmware
- https://www.tp-link.com/us/support/faq/4948/
- https://www.tp-link.com/us/support/download/archer-c20/v5/#Firmware
- https://www.tp-link.com/en/support/download/archer-c20/v5/#Firmware
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.