CVE-2025-15551
Unknown Unknown - Not Provided
JavaScript Injection via eval in TP-Link Router Admin Portal

Publication date: 2026-02-05

Last updated on: 2026-04-22

Assigner: TPLink

Description
The response coming from TP-Link Archer MR200 v5.2, C20 v5 and v6, TL-WR850N v3, and TL-WR845N v4 for any request is getting executed by the JavaScript function like eval directly without any check.Β Attackers can exploit this vulnerability via a Man-in-the-Middle (MitM) attack to execute JavaScript code on the router's admin web portal without the user's permission or knowledge.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-05
Last Modified
2026-04-22
Generated
2026-06-16
AI Q&A
2026-02-05
EPSS Evaluated
2026-06-15
NVD
CVE-2025-15551
EUVD
EUVD-2025-206826
Affected Vendors & Products
Showing 4 associated CPEs
Vendor Product Version / Range
tp-link archer_mr200_firmware to 250917 (exc)
tp-link archer_c20_firmware to 250630 (exc)
tp-link tl-wr850n_firmware to 0.9.1_Build251205 (exc)
tp-link tl-wr845n_firmware to 251031 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-95 The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes code syntax before using the input in a dynamic evaluation call (e.g. "eval").
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

[{'type': 'paragraph', 'content': "This vulnerability affects certain TP-Link router models including Archer MR200 v5.2, Archer C20 v6, TL-WR850N v3, and TL-WR845N v4. The issue arises because the router's response to any request is executed directly by a JavaScript function similar to eval without proper validation or checks."}, {'type': 'paragraph', 'content': "Attackers can exploit this flaw by performing a Man-in-the-Middle (MitM) attack, allowing them to execute arbitrary JavaScript code on the router's administrative web portal without the user's permission or knowledge."}] [6]

Impact Analysis

[{'type': 'paragraph', 'content': "This vulnerability can allow attackers to execute arbitrary JavaScript code on your router's admin web portal without your consent. This can lead to unauthorized actions such as changing router settings, stealing sensitive information like passwords, or compromising the security of your network."}, {'type': 'paragraph', 'content': 'Because the attack requires a Man-in-the-Middle position, it means an attacker must be able to intercept your network traffic, which could happen on unsecured or compromised networks.'}, {'type': 'paragraph', 'content': 'If exploited, this vulnerability could lead to password leakage and unauthorized control over your router, potentially exposing your entire network to further attacks.'}] [6]

Compliance Impact

I don't know

Detection Guidance

I don't know

Mitigation Strategies

[{'type': 'paragraph', 'content': 'To mitigate the vulnerability in TP-Link Archer MR200, Archer C20, TL-WR850N, and TL-WR845N routers, immediately update the firmware to the latest fixed versions provided by TP-Link.'}, {'type': 'list_item', 'content': 'Archer MR200 v5.20: update to firmware version 1.2.0 Build 250917 Rel.51746 or later.'}, {'type': 'list_item', 'content': 'Archer C20 v6: update to firmware version 0.9.1 4.19 v0001.0 Build 250630 Rel.56583n or later.'}, {'type': 'list_item', 'content': 'TL-WR850N v3: update to firmware version 3.16.0 0.9.1 v6031.0 Build 251205 Rel.22089n or later.'}, {'type': 'list_item', 'content': 'TL-WR845N v4: update to firmware version 0.9.1 3.19 Build 251031 rel33710 or later.'}, {'type': 'paragraph', 'content': "After upgrading the firmware, change the router's administrative password to prevent unauthorized access and reduce the risk of password leakage."}] [6]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-15551. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart