**Hacker Pranks Exclusive: TP-Link Archer NX Routers Exposed to Firmware Takeover - Patch Now!**
A critical authentication bypass flaw (CVE-2025-15517) in TP-Link's Archer NX router series has been patched, but users are urged to update their firmware immediately. The vulnerability, with a CVSS score of 8.6, allows attackers to upload malicious firmware without privileges, posing a significant risk of compromise if left unpatched.
In September 2025, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added two TP-Link router flaws to its Known Exploited Vulnerabilities (KEV) catalog, highlighting the severity of this issue. Moreover, the recent ban on importing foreign-made consumer routers in the United States underscores the importance of maintaining secure hardware.
**TP-Link's Urgent Firmware Update**
TP-Link has released security updates for its Archer NX router series to address multiple vulnerabilities, including CVE-2025-15517 and CVE-2025-15605. The former is a critical authentication bypass flaw that allows attackers to perform privileged HTTP actions without authentication, including firmware upload and configuration operations.
TP-Link's advisory attributes the flaw to the router's HTTP server: "A missing authentication check in the HTTP server to certain cgi endpoints allows unauthenticated access intended for authenticated users." This enables attackers to bypass authentication and perform sensitive actions without permission.
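The advisory publishes no code. As an added illustration (not TP-Link's firmware; the endpoint paths and function names are hypothetical), the C example below shows how this class of bug arises when authentication is opt-in per route, and how a route table where exposure is opt-in fails closed instead:

```c
/* Added illustration; endpoint paths are hypothetical, not TP-Link's. */
#include <stddef.h>
#include <string.h>

enum { HTTP_OK = 200, HTTP_UNAUTHORIZED = 401, HTTP_NOT_FOUND = 404 };
#define COUNT(a) (sizeof(a) / sizeof((a)[0]))

/* Fail-open: auth is opt-in, so a forgotten flag (zero) means "public". */
struct route_open { const char *path; int needs_auth; };
static const struct route_open open_routes[] = {
    { .path = "/cgi-bin/login" },
    { .path = "/cgi-bin/status", .needs_auth = 1 },
    { .path = "/cgi-bin/firmware_upload" },  /* flag forgotten */
};

/* Fail-closed: exposure is opt-in, so a forgotten flag means "auth required". */
struct route_closed { const char *path; int is_public; };
static const struct route_closed closed_routes[] = {
    { .path = "/cgi-bin/login", .is_public = 1 },
    { .path = "/cgi-bin/status" },
    { .path = "/cgi-bin/firmware_upload" },
};

/* HTTP_OK stands in for running the matched CGI handler. */
int dispatch_open(const char *path, int session_valid) {
    for (size_t i = 0; i < COUNT(open_routes); i++) {
        if (strcmp(path, open_routes[i].path) != 0) continue;
        if (open_routes[i].needs_auth && !session_valid) return HTTP_UNAUTHORIZED;
        return HTTP_OK;
    }
    return HTTP_NOT_FOUND;
}

int dispatch_closed(const char *path, int session_valid) {
    for (size_t i = 0; i < COUNT(closed_routes); i++) {
        if (strcmp(path, closed_routes[i].path) != 0) continue;
        if (!closed_routes[i].is_public && !session_valid) return HTTP_UNAUTHORIZED;
        return HTTP_OK;
    }
    return HTTP_NOT_FOUND;
}

/* Release-time audit: count known paths that answer 200 with no session. */
int unauth_reachable(int (*dispatch)(const char *, int)) {
    int n = 0;
    for (size_t i = 0; i < COUNT(closed_routes); i++)
        if (dispatch(closed_routes[i].path, 0) == HTTP_OK) n++;
    return n;
}
```

Running the audit against the expected number of public routes in a release test catches a privileged endpoint that has silently become reachable without a session.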
**Hardcoded Cryptographic Key Removed**
In addition to CVE-2025-15517, TP-Link has also removed a hardcoded cryptographic key from its Configuration Encryption Mechanism, tracked as CVE-2025-15605 (CVSS score of 8.5). This vulnerability allowed authenticated attackers to decrypt configuration files, modify them, and re-encrypt them.
As described in the advisory, "A hardcoded cryptographic key within its configuration mechanism enables decryption and re-encryption of device configuration data." This allows an attacker to compromise the confidentiality and integrity of device configuration data by accessing, modifying, and re-encrypting it.
**Impacted Products and Fixes**
The following products/versions are affected:
* NX200
* NX210
* NX500
* NX600
To address these issues, users should download and install the latest firmware version available from TP-Link's official website. It is essential to update your firmware as soon as possible to prevent potential security risks.
**U.S. Government Response**
The U.S. FCC has recently announced a ban on importing new foreign-made consumer routers due to unacceptable cyber and national security risks. This decision aims to protect communications networks from potential threats, emphasizing the importance of maintaining secure hardware.
**Conclusion**
In conclusion, TP-Link's Archer NX router series has been exposed to critical vulnerabilities, including CVE-2025-15517 and CVE-2025-15605. It is crucial for users to update their firmware immediately to prevent potential security risks. The recent ban on importing foreign-made consumer routers in the United States underscores the severity of this issue.