CVE-2025-6982

Summary

Use of Hard-coded Credentials in TP-Link Archer C50 V3(

<=

180703)/V4(

<=

250117

)/V5(

<=

200407

), and C20 V5 (<US_V5_260419 or <EU_V5_260317) allows attackers to decrypt the config.xml files.

Affected Software

VendorProductVersion RangeStatus
TP-Link Systems Inc.Archer C50 V30 <= 180703affected
TP-Link Systems Inc.Archer C50 V40 <= 250117affected
TP-Link Systems Inc.Archer C50 V50 <= 200407affected
TP-Link Systems Inc.Archer C20 V50 < US_V5_260419affected
TP-Link Systems Inc.Archer C20 V50 < EU_V5_260317affected

Weaknesses

  • CWE-798: CWE-798 Use of Hard-coded Credentials

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References