CVE-2025-15605

Summary

A hardcoded cryptographic key within the configuration mechanism on TP-Link Archer NX200, NX210, NX500 and NX600 enables decryption and re-encryption of device configuration data. An authenticated attacker may decrypt configuration files, modify them, and re-encrypt them, affecting the confidentiality and integrity of device configuration data.

Affected Software

VendorProductVersion RangeStatus
TP-Link Systems Inc.Archer NX600 v3.00 < 1.3.0 Build 260309affected
TP-Link Systems Inc.Archer NX600 v2.00 < 1.3.0 Build 260311affected
TP-Link Systems Inc.Archer NX600 v1.00 < 1.4.0 Build 260311affected
TP-Link Systems Inc.Archer NX500 v2.00 < < 1.5.0 Build 260309affected
TP-Link Systems Inc.Archer NX500 v1.00 < 1.3.0 Build 260311affected
TP-Link Systems Inc.Archer NX210 v3.00 < 1.3.0 Build 260309affected
TP-Link Systems Inc.Archer NX210 v2.0 v2.200 < 1.3.0 Build 260311affected
TP-Link Systems Inc.Archer NX200 v3.00 < < 1.3.0 Build 260309affected
TP-Link Systems Inc.Archer NX200 v2.200 < 1.3.0 Build 260311affected
TP-Link Systems Inc.Archer NX200 v2.00 < 1.3.0 Build 260311affected
TP-Link Systems Inc.Archer NX200 v1.00 < 1.8.0 Build 260311affected

Weaknesses

  • CWE-321: CWE-321 Use of Hard-coded Cryptographic Key

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References