CVE-2025-15518
Received Received - Intake
OS Command Injection in TP-Link Archer NX Series Admin CLI

Publication date: 2026-03-23

Last updated on: 2026-03-31

Assigner: TPLink

Description
Improper input handling in a wireless-control administrative CLI command on TP-Link Archer NX200, NX210, NX500 and NX600 allows crafted input to be executed as part of an operating system command. An authenticated attacker with administrative privileges may execute arbitrary commands on the operating system, impacting the confidentiality, integrity, and availability of the device.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-23
Last Modified
2026-03-31
Generated
2026-06-16
AI Q&A
2026-03-23
EPSS Evaluated
2026-06-15
NVD
CVE-2025-15518
EUVD
EUVD-2025-208939
Affected Vendors & Products
Showing 7 associated CPEs
Vendor Product Version / Range
tp-link archer_nx600_firmware to 1.3.0 (exc)
tp-link archer_nx500_firmware to 1.5.0 (exc)
tp-link archer_nx210_firmware to 1.3.0 (exc)
tp-link archer_nx200_firmware to 1.3.0 (exc)
tp-link archer_nx600_firmware to 1.4.0 (exc)
tp-link archer_nx500_firmware to 1.3.0 (exc)
tp-link archer_nx200_firmware to 1.8.0 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-78 The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

[{'type': 'paragraph', 'content': 'CVE-2025-15518 is a command injection vulnerability found in TP-Link Archer NX200, NX210, NX500, and NX600 devices. It occurs due to improper input handling in a wireless-control administrative Command Line Interface (CLI) command. An attacker who is authenticated and has administrative privileges can exploit this flaw by crafting malicious input that is executed as part of an operating system command on the device.'}, {'type': 'paragraph', 'content': "This vulnerability allows the attacker to execute arbitrary commands on the device's operating system."}] [4]

Impact Analysis

Exploitation of this vulnerability can impact the confidentiality, integrity, and availability of the affected device.

  • Confidentiality impact: Unauthorized access to sensitive information on the device.
  • Integrity impact: Potential modification or tampering with device settings or data.
  • Availability impact: Possible disruption or denial of service of the device.

Because the attacker must have administrative privileges and be authenticated, the risk is limited to users who already have high-level access, but the consequences can be severe.

Compliance Impact

I don't know

Detection Guidance

I don't know

Mitigation Strategies

[{'type': 'paragraph', 'content': 'To mitigate the CVE-2025-15518 vulnerability, users are strongly advised to update their TP-Link Archer NX200, NX210, NX500, and NX600 devices to the latest firmware versions that contain the security fix.'}, {'type': 'paragraph', 'content': "Ensure that firmware updates are downloaded only from the official TP-Link website corresponding to your device's purchase region to avoid upgrade failures or warranty voidance."}, {'type': 'paragraph', 'content': 'Perform firmware upgrades via a wired connection to prevent disconnections during the update process, and avoid powering off the device during the upgrade to prevent permanent damage.'}] [4, 1, 2, 3]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-15518. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart