**Hacker Pranks** ================

**Critical Router Auth Bypass Flaw: TP-Link Warns Users to Patch Immediately**

In a stark reminder of the importance of regular security updates, TP-Link has issued an urgent warning to users of its Archer NX router series to patch a critical vulnerability that could allow attackers to bypass authentication and upload malicious firmware. This flaw, tracked as CVE-2025-15517, affects multiple models of TP-Link's wireless routers and stems from a missing authentication check in the HTTP server.

**Missing Authentication Check Exposes Routers to Attacks**

The vulnerability, which allows unauthenticated access to certain cgi endpoints intended for authenticated users, can be exploited without privileges. This means that attackers may perform privileged HTTP actions, including firmware upload and configuration operations, without requiring authentication. As explained by TP-Link, "A missing authentication check in the HTTP server to certain cgi endpoints allows unauthenticated access intended for authenticated users."

**Additional Vulnerabilities Patched by TP-Link**

In addition to CVE-2025-15517, TP-Link has also addressed several other vulnerabilities in its Archer NX router series. These include:

* **CVE-2025-15605**: A hardcoded cryptographic key that allowed authenticated attackers to decrypt configuration files, modify them, and re-encrypt them. * **CVE-2025-15518** and **CVE-2025-15519**: Two command injection vulnerabilities that enable threat actors with admin privileges to execute arbitrary commands.

**TP-Link Recommends Immediate Action**

To mitigate potential attacks exploiting these flaws, TP-Link "strongly" recommends that customers download and install the latest firmware version. Failure to do so may leave devices vulnerable to exploitation, and TP-Link cannot bear responsibility for consequences that could have been avoided by following this advisory.

**Routers Vulnerable to Exploitation**

This is not the first time that TP-Link has faced criticism over its security practices. In September, the company was forced to rush out patches for a zero-day vulnerability impacting multiple router models after failing to release patches following a May 2024 report. The unpatched security flaw allowed attackers to intercept or manipulate unencrypted traffic, reroute DNS queries to malicious servers, and inject malicious payloads into web sessions.

**CISA Adds TP-Link Flaws to Known Exploited Vulnerability Catalog**

In September, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added two other TP-Link flaws (CVE-2023-50224 and CVE-2025-9377) to its Known Exploited Vulnerability catalog. The Quad7 botnet has been exploiting these vulnerabilities to compromise vulnerable routers.

**Federal Communications Commission Updates Covered List**

This week, the U.S. Federal Communications Commission (FCC) updated its Covered List to include all consumer routers made in foreign countries, banning the sale of new routers made outside the U.S. due to an "unacceptable risk to the national security." The move follows Texas Attorney General Paxton's lawsuit against TP-Link Systems in February, accusing the company of deceptively promoting its routers as secure while allowing Chinese state-sponsored hacking groups to exploit firmware vulnerabilities and access users' devices.

**Protect Your Routers from Exploitation**

To protect your routers from exploitation, make sure to:

* Regularly update your router's firmware * Use strong passwords and enable two-factor authentication * Monitor your network for suspicious activity

By taking these precautions, you can help ensure the security of your devices and prevent potential attacks exploiting this vulnerability.