Attackers can load manipulated firmware onto TP-Link routers

In current firmware versions for TP-Link's Archer routers, the developers have closed four security vulnerabilities.

Due to several software vulnerabilities, attackers can completely compromise TP-Link Archer series routers. All now-closed vulnerabilities are classified as “high” in terms of threat level.

So far, there are no indications of ongoing attacks. The manufacturer advises owners to install the available security patches promptly.

Specifically, the models Archer NX200, NX210, NX500, and NX600 are affected. In a warning message, the developers state that the vulnerabilities have been closed in firmware versions 1.3.0 Build 260311, 1.3.0 Build 260309, 1.4.0 Build 260311, 1.5.0 Build 260309, and 1.8.0 Build 260311. According to the developers, all previous versions are vulnerable.

An authentication vulnerability in the HTTP server (CVE-2025-15517) is considered the most dangerous. Through it, attackers can access devices without logging in and, in the worst case, upload and install firmware prepared with malicious code.

To exploit two further vulnerabilities (CVE-2026-15518, CVE-2026-15519), attackers require admin rights. With those rights, they can execute their own commands at the operating system level.

Due to a hard-coded cryptographic key in the context of device configuration, attackers can tamper with settings (CVE-2025-15605).

(des)

This article was originally published in German. It was translated with technical assistance and editorially reviewed before publication.