**Critical Vulnerability Alert: TP-Link Archer NX Routers Exposed to Firmware Takeover**

A recent security advisory from TP-Link has highlighted a critical flaw in its Archer NX router series, which could allow attackers to bypass authentication and install malicious firmware. The vulnerability, tracked as CVE-2025-15517, is rated 8.6 on the CVSS scoring system and affects multiple models, including NX200, NX210, NX500, and NX600.

**Vulnerability Details**

The flaw lies in a missing authentication check in the HTTP server to certain cgi endpoints, allowing unauthenticated access intended for authenticated users. This vulnerability enables attackers to perform privileged HTTP actions without authentication, including firmware upload and configuration operations. "A missing authentication check in the HTTP server to certain cgi endpoints allows unauthenticated access intended for authenticated users," reads the advisory. "An attacker may perform privileged HTTP actions without authentication, including firmware upload and configuration operations."

In addition to CVE-2025-15517, TP-Link has also addressed a second vulnerability, tracked as CVE-2025-15605 (CVSS score of 8.5). This flaw relates to a hardcoded cryptographic key in the Configuration Encryption Mechanism, which enables attackers to decrypt configuration files, modify them, and re-encrypt them. "A hardcoded cryptographic key within its configuration mechanism enables decryption and re-encryption of device configuration data," reads the advisory. "An authenticated attacker may decrypt configuration files, modify them and re-encrypt them, affecting confidentiality and integrity of device configuration data."

**Impacted Products and Fixes**

The following TP-Link Archer NX router models are affected by these vulnerabilities:

* NX200 * NX210 * NX500 * NX600

To address these issues, customers are urged to download and install the latest firmware version.

**CISA's Known Exploited Vulnerabilities Catalog**

In September 2025, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added TP-Link Archer C7(EU) and TL-WR841N flaws to its Known Exploited Vulnerabilities (KEV) catalog. This highlights the importance of keeping devices up-to-date with the latest security patches.

**FCC's Ban on Foreign-Made Consumer Routers**

This week, the U.S. Federal Communications Commission (FCC) announced a ban on importing new foreign-made consumer routers, citing unacceptable cyber and national security risks. The decision aims to protect U.S. communications networks from potential threats.

**Conclusion**

The recent TP-Link Archer NX router vulnerability serves as a reminder of the importance of prioritizing cybersecurity in our connected world. With the increasing reliance on IoT devices, it's crucial for manufacturers to address vulnerabilities promptly and for users to stay informed about security updates. By staying vigilant and taking proactive measures, we can mitigate the risk of data breaches and firmware takeovers.

**Recommendations**

* Update your TP-Link Archer NX router to the latest firmware version * Regularly check for security patches and updates from manufacturers * Prioritize cybersecurity in your connected devices and networks

Stay informed about the latest security news and trends by following us on Twitter: @securityaffairs and Facebook.