TP-Link Patches Critical Authentication Bypass Flaw in Archer NX Routers
**TP-Link** has released patches for multiple vulnerabilities affecting its Archer NX router series, including a critical flaw that could allow unauthenticated attackers to upload malicious firmware. The vulnerability, tracked as **CVE-2025-15517**, poses a significant risk to users of affected devices.

**TP-Link** has addressed several security vulnerabilities in its Archer NX router series, including a critical-severity flaw identified as **CVE-2025-15517**. This vulnerability could allow attackers to bypass authentication and upload new, potentially malicious, firmware to the devices.
### Authentication Bypass (CVE-2025-15517)
The critical flaw, **CVE-2025-15517**, impacts Archer NX200, NX210, NX500, and NX600 wireless routers. The root cause is a missing authentication check in the HTTP server, specifically affecting certain CGI endpoints. This allows unauthenticated access that should be restricted to authenticated users.
According to **TP-Link**'s advisory, "An attacker may perform privileged HTTP actions without authentication, including firmware upload and configuration operations."
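The class of bug described above, a privileged CGI route that is served without a session check, is shown here as an added example; it is not code from TP-Link firmware or from the advisory. The route paths, struct fields, and function names are all hypothetical. It contrasts a server where each handler must opt in to authentication with one that denies by default, and adds a regression check that counts the private routes answering without a session.

```c
#include <stdio.h>
#include <string.h>

/* Constructed route table: paths are illustrative, not taken from any real firmware. */
enum { HTTP_OK = 200, HTTP_UNAUTHORIZED = 401, HTTP_NOT_FOUND = 404 };
struct route {
    const char *path;
    int is_public;   /* deny-by-default model: route is explicitly exempt from auth */
    int checks_auth; /* opt-in model: handler remembered to call the auth check */
};
static const struct route routes[] = {
    { "/cgi-bin/login",     1, 0 },
    { "/cgi-bin/status",    0, 1 },
    { "/cgi-bin/config",    0, 1 },
    { "/cgi-bin/fw_upload", 0, 0 }, /* privileged, but the opt-in check was never added */
};
#define N_ROUTES (sizeof routes / sizeof routes[0])

static const struct route *find_route(const char *path) {
    for (size_t i = 0; i < N_ROUTES; i++)
        if (strcmp(routes[i].path, path) == 0) return &routes[i];
    return NULL;
}
/* Flawed pattern: authentication runs only where a handler asked for it. */
int dispatch_opt_in(const char *path, int session_valid) {
    const struct route *r = find_route(path);
    if (!r) return HTTP_NOT_FOUND;
    if (r->checks_auth && !session_valid) return HTTP_UNAUTHORIZED;
    return HTTP_OK;
}
/* Hardened pattern: every route requires a session unless explicitly public. */
int dispatch_deny_by_default(const char *path, int session_valid) {
    const struct route *r = find_route(path);
    if (!r) return HTTP_NOT_FOUND;
    if (!r->is_public && !session_valid) return HTTP_UNAUTHORIZED;
    return HTTP_OK;
}
/* Regression check: number of non-public routes that answer 200 with no session. */
int count_exposed(int (*dispatch)(const char *, int)) {
    int n = 0;
    for (size_t i = 0; i < N_ROUTES; i++)
        if (!routes[i].is_public && dispatch(routes[i].path, 0) == HTTP_OK) n++;
    return n;
}
int main(void) {
    printf("opt-in exposed: %d, deny-by-default exposed: %d\n",
           count_exposed(dispatch_opt_in), count_exposed(dispatch_deny_by_default));
    return 0;
}
```

Run as a build-time test, a nonzero `count_exposed` result fails the build before a route like the firmware upload handler ships without its check.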
### Other Vulnerabilities Addressed
In addition to the critical authentication bypass, **TP-Link** also patched the following:
* **CVE-2025-15605**: A hardcoded cryptographic key within the configuration mechanism, which the patch removes. This key could have been exploited by authenticated attackers to decrypt, modify, and re-encrypt configuration files.
* **CVE-2025-15518 & CVE-2025-15519**: Two command injection vulnerabilities that could allow threat actors with administrative privileges to execute arbitrary commands on the affected devices.
### Remediation
**TP-Link** is urging customers to immediately download and install the latest firmware versions for their respective router models. The company explicitly stated, "If you do not take all recommended actions, this vulnerability will remain. **TP-Link** cannot bear any responsibility for consequences that could have been avoided by following this advisory."
### History of Vulnerabilities
This isn't the first time **TP-Link** has faced scrutiny over router security. In September, the company rushed out patches for a zero-day vulnerability after initially failing to address a reported flaw from May 2024. This unpatched flaw could allow attackers to intercept or manipulate unencrypted traffic, reroute DNS queries, and inject malicious payloads.
The **Cybersecurity and Infrastructure Security Agency (CISA)** has added multiple **TP-Link** vulnerabilities to its Known Exploited Vulnerabilities catalog, including **CVE-2023-50224** and **CVE-2025-9377**, which have been exploited by the Quad9 botnet.
Currently, **CISA** has flagged six **TP-Link** vulnerabilities as being actively exploited, with the oldest being a directory traversal vulnerability (**CVE-2015-3035**) affecting multiple Archer devices.
### Legal and Regulatory Scrutiny
In February, Texas Attorney General Paxton sued **TP-Link Systems**, alleging deceptive practices related to router security and accusing the company of allowing Chinese state-sponsored hacking groups to exploit vulnerabilities.
Furthermore, the U.S. Federal Communications Commission (FCC) recently updated its Covered List to include all consumer routers made in foreign countries, effectively banning the sale of new routers manufactured outside the U.S. due to national security concerns.