CVE-2025-15518
OS Command Injection in TP-Link Archer NX Series Admin CLI
Publication date: 2026-03-23
Last updated on: 2026-03-31
Assigner: TPLink
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| tp-link | archer_nx600_firmware | to 1.3.0 (exc) |
| tp-link | archer_nx500_firmware | to 1.5.0 (exc) |
| tp-link | archer_nx210_firmware | to 1.3.0 (exc) |
| tp-link | archer_nx200_firmware | to 1.3.0 (exc) |
| tp-link | archer_nx600_firmware | to 1.4.0 (exc) |
| tp-link | archer_nx500_firmware | to 1.3.0 (exc) |
| tp-link | archer_nx200_firmware | to 1.8.0 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-78 | The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
[{'type': 'paragraph', 'content': 'CVE-2025-15518 is a command injection vulnerability found in TP-Link Archer NX200, NX210, NX500, and NX600 devices. It occurs due to improper input handling in a wireless-control administrative Command Line Interface (CLI) command. An attacker who is authenticated and has administrative privileges can exploit this flaw by crafting malicious input that is executed as part of an operating system command on the device.'}, {'type': 'paragraph', 'content': "This vulnerability allows the attacker to execute arbitrary commands on the device's operating system."}] [4]
How can this vulnerability impact me? :
Exploitation of this vulnerability can impact the confidentiality, integrity, and availability of the affected device.
- Confidentiality impact: Unauthorized access to sensitive information on the device.
- Integrity impact: Potential modification or tampering with device settings or data.
- Availability impact: Possible disruption or denial of service of the device.
Because the attacker must have administrative privileges and be authenticated, the risk is limited to users who already have high-level access, but the consequences can be severe.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
I don't know
What immediate steps should I take to mitigate this vulnerability?
[{'type': 'paragraph', 'content': 'To mitigate the CVE-2025-15518 vulnerability, users are strongly advised to update their TP-Link Archer NX200, NX210, NX500, and NX600 devices to the latest firmware versions that contain the security fix.'}, {'type': 'paragraph', 'content': "Ensure that firmware updates are downloaded only from the official TP-Link website corresponding to your device's purchase region to avoid upgrade failures or warranty voidance."}, {'type': 'paragraph', 'content': 'Perform firmware upgrades via a wired connection to prevent disconnections during the update process, and avoid powering off the device during the upgrade to prevent permanent damage.'}] [4, 1, 2, 3]