CVE-2025-15519
Received Received - Intake
OS Command Injection in TP-Link Archer NX Series Modem CLI

Publication date: 2026-03-23

Last updated on: 2026-03-31

Assigner: TPLink

Description
Improper input handling in a modem-management administrative CLI command on TP-Link Archer NX200, NX210, NX500 and NX600 allows crafted input to be executed as part of an operating system command. An authenticated attacker with administrative privileges may execute arbitrary commands on the operating system, impacting the confidentiality, integrity, and availability of the device.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-23
Last Modified
2026-03-31
Generated
2026-05-06
AI Q&A
2026-03-23
EPSS Evaluated
2026-05-05
NVD
CVE-2025-15519
EUVD
EUVD-2025-208940
Affected Vendors & Products
Showing 7 associated CPEs
Vendor Product Version / Range
tp-link archer_nx600_firmware to 1.3.0 (exc)
tp-link archer_nx500_firmware to 1.5.0 (exc)
tp-link archer_nx210_firmware to 1.3.0 (exc)
tp-link archer_nx200_firmware to 1.3.0 (exc)
tp-link archer_nx600_firmware to 1.4.0 (exc)
tp-link archer_nx500_firmware to 1.3.0 (exc)
tp-link archer_nx200_firmware to 1.8.0 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-78 The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability is caused by improper input handling in a modem-management administrative command line interface (CLI) command on certain TP-Link Archer models (NX200, NX210, NX500, and NX600). Specifically, crafted input provided by an authenticated attacker with administrative privileges can be executed as part of an operating system command.

This means that the attacker can inject and run arbitrary commands on the device's operating system through the CLI, exploiting the way input is processed.


How can this vulnerability impact me? :

An attacker exploiting this vulnerability can execute arbitrary commands on the affected device's operating system, which can compromise the device's confidentiality, integrity, and availability.

  • Confidentiality impact: Unauthorized access to sensitive information stored or processed by the device.
  • Integrity impact: Potential modification or corruption of device configurations or data.
  • Availability impact: Disruption or denial of service by executing commands that affect device operation.

How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:

I don't know


How can this vulnerability be detected on my network or system? Can you suggest some commands?

I don't know


What immediate steps should I take to mitigate this vulnerability?

I don't know


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart