**Hacker Pranks**

**"Firmware Fiasco: TP-Link Archer NX Routers Vulnerable to Critical Flaw"**

TP-Link, a leading provider of networking equipment, has issued security updates for its Archer NX router series to fix multiple vulnerabilities, including a high-severity flaw that allows attackers to bypass authentication and install malicious firmware. The critical vulnerability, tracked as CVE-2025-15517 (CVSS score of 8.6), was discovered in the HTTP server of affected devices, enabling unauthenticated access to privileged actions.

The TP-Link Archer NX routers, including models such as NX200, NX210, NX500, and NX600, are impacted by this critical flaw. If left unpatched, attackers can upload new firmware without privileges, posing a significant risk to the security of these devices and the networks they protect. Furthermore, the vulnerability also allows attackers to perform other privileged HTTP actions without authentication, including configuration operations.

**Authentication Bypass Vulnerability (CVE-2025-15517)**

The advisory provided by TP-Link explains that a missing authentication check in the HTTP server of certain cgi endpoints enables unauthenticated access intended for authenticated users. This flaw can be exploited by attackers to perform privileged actions on affected devices without requiring authentication. The consequences of this vulnerability are severe, as it allows attackers to:

* Upload new firmware without privileges * Perform configuration operations without authentication

**Configuration Encryption Mechanism Vulnerability (CVE-2025-15605)**

In addition to the authentication bypass flaw, TP-Link has also addressed a hardcoded cryptographic key in its Configuration Encryption Mechanism. This vulnerability, tracked as CVE-2025-15605 (CVSS score of 8.5), allows authenticated attackers to decrypt configuration files, modify them, and re-encrypt them. The advisory notes that this flaw enables an attacker to:

* Decrypt configuration files * Modify configuration files * Re-encrypt modified configuration files

**Affected Products and Fixes**

The following products and versions are impacted by these vulnerabilities:

| Product | Version | Fix | | --- | --- | --- | | TP-Link Archer NX200 | V1.0.2 | Firmware Update: Download and install the latest firmware version | | TP-Link Archer NX210 | V1.1.3 | Firmware Update: Download and install the latest firmware version | | TP-Link Archer NX500 | V2.0.4 | Firmware Update: Download and install the latest firmware version | | TP-Link Archer NX600 | V2.1.5 | Firmware Update: Download and install the latest firmware version |

**US Cybersecurity and Infrastructure Security Agency (CISA) Alert**

In September 2025, the US CISA added TP-Link Archer C7(EU) and TL-WR841N flaws to its Known Exploited Vulnerabilities (KEV) catalog. The agency urges users to take immediate action to address these vulnerabilities.

**US FCC Ban on Foreign-Made Consumer Routers**

In a recent development, the US Federal Communications Commission (FCC) announced a ban on importing new foreign-made consumer routers due to unacceptable cyber and national security risks. Devices not cleared by the Department of Homeland Security or defense authorities will be added to the Covered List.

To protect your network from these vulnerabilities, we urge you to:

* Download and install the latest firmware version for your TP-Link Archer NX router * Regularly monitor your devices for signs of unauthorized access or configuration changes

Stay vigilant and stay secure with Hacker Pranks. Follow us on Twitter: @securityaffairs and Facebook and Mastodon for the latest cybersecurity news and updates.