CVE-2025-15551
JavaScript Injection via eval in TP-Link Router Admin Portal
Publication date: 2026-02-05
Last updated on: 2026-04-22
Assigner: TPLink
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| tp-link | archer_mr200_firmware | to 250917 (exc) |
| tp-link | archer_c20_firmware | to 250630 (exc) |
| tp-link | tl-wr850n_firmware | to 0.9.1_Build251205 (exc) |
| tp-link | tl-wr845n_firmware | to 251031 (exc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-95 | The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes code syntax before using the input in a dynamic evaluation call (e.g. "eval"). |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability affects certain TP-Link router models including Archer MR200 v5.2, Archer C20 v6, TL-WR850N v3, and TL-WR845N v4. The issue arises because the router's response to any request is executed directly by a JavaScript function similar to eval without proper validation or checks.

Attackers can exploit this flaw by performing a Man-in-the-Middle (MitM) attack, allowing them to execute arbitrary JavaScript code on the router's administrative web portal without the user's permission or knowledge. [6]

How can this vulnerability impact me?
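The pattern described above, as an added example that is not TP-Link's code: a response handler that evaluates the body as code, next to one that parses it strictly as data and validates its shape. The JSON response shape, the field names and the function names are assumptions made for illustration.

```javascript
// Constructed sample response; the portal's real response format is an assumption.
const GENUINE = '{"status":"ok","ssid":"home-net"}';
// Constructed stand-in for a body altered in transit: it evaluates to the same
// object, but sets a marker first so the side effect is observable.
const TAMPERED = '(globalThis.injectedRan = true, {"status":"ok","ssid":"home-net"})';

// Vulnerable pattern (CWE-95): the response body is evaluated as code.
function handleResponseUnsafe(body) {
  return (0, eval)("(" + body + ")"); // indirect eval, runs in global scope
}

// Hardened pattern: treat the body as data only, then validate what was parsed.
const ALLOWED_KEYS = new Set(["status", "ssid"]); // hypothetical field names
function handleResponseSafe(body) {
  let data;
  try {
    data = JSON.parse(body); // parses data, never executes it
  } catch (e) {
    return { ok: false, reason: "not valid JSON" };
  }
  if (data === null || typeof data !== "object" || Array.isArray(data)) {
    return { ok: false, reason: "not an object" };
  }
  for (const [key, value] of Object.entries(data)) {
    if (!ALLOWED_KEYS.has(key) || typeof value !== "string") {
      return { ok: false, reason: "unexpected field: " + key };
    }
  }
  return { ok: true, data };
}

// Feed the tampered body to both handlers and record whether the marker was set.
function demo() {
  globalThis.injectedRan = false;
  handleResponseUnsafe(TAMPERED);
  const ranUnderEval = globalThis.injectedRan;

  globalThis.injectedRan = false;
  const safeTampered = handleResponseSafe(TAMPERED);
  const ranUnderParse = globalThis.injectedRan;

  return { ranUnderEval, ranUnderParse, safeTampered, safeGenuine: handleResponseSafe(GENUINE) };
}
```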
This vulnerability can allow attackers to execute arbitrary JavaScript code on your router's admin web portal without your consent. This can lead to unauthorized actions such as changing router settings, stealing sensitive information like passwords, or compromising the security of your network.

Because the attack requires a Man-in-the-Middle position, an attacker must be able to intercept your network traffic, which could happen on unsecured or compromised networks.

If exploited, this vulnerability could lead to password leakage and unauthorized control over your router, potentially exposing your entire network to further attacks. [6]

How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
I don't know
What immediate steps should I take to mitigate this vulnerability?
To mitigate the vulnerability in TP-Link Archer MR200, Archer C20, TL-WR850N, and TL-WR845N routers, immediately update the firmware to the latest fixed versions provided by TP-Link.

- Archer MR200 v5.20: update to firmware version 1.2.0 Build 250917 Rel.51746 or later.
- Archer C20 v6: update to firmware version 0.9.1 4.19 v0001.0 Build 250630 Rel.56583n or later.
- TL-WR850N v3: update to firmware version 3.16.0 0.9.1 v6031.0 Build 251205 Rel.22089n or later.
- TL-WR845N v4: update to firmware version 0.9.1 3.19 Build 251031 rel33710 or later.

After upgrading the firmware, change the router's administrative password to prevent unauthorized access and reduce the risk of password leakage. [6]