CVE-2025-15519
Received Received - Intake
OS Command Injection in TP-Link Archer NX Series Modem CLI

Publication date: 2026-03-23

Last updated on: 2026-03-31

Assigner: TPLink

Description
Improper input handling in a modem-management administrative CLI command on TP-Link Archer NX200, NX210, NX500 and NX600 allows crafted input to be executed as part of an operating system command. An authenticated attacker with administrative privileges may execute arbitrary commands on the operating system, impacting the confidentiality, integrity, and availability of the device.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-23
Last Modified
2026-03-31
Generated
2026-06-18
AI Q&A
2026-03-23
EPSS Evaluated
2026-06-17
NVD
CVE-2025-15519
EUVD
EUVD-2025-208940
Affected Vendors & Products
Showing 7 associated CPEs
Vendor Product Version / Range
tp-link archer_nx600_firmware to 1.3.0 (exc)
tp-link archer_nx500_firmware to 1.5.0 (exc)
tp-link archer_nx210_firmware to 1.3.0 (exc)
tp-link archer_nx200_firmware to 1.3.0 (exc)
tp-link archer_nx600_firmware to 1.4.0 (exc)
tp-link archer_nx500_firmware to 1.3.0 (exc)
tp-link archer_nx200_firmware to 1.8.0 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-78 The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is caused by improper input handling in a modem-management administrative command line interface (CLI) command on certain TP-Link Archer models (NX200, NX210, NX500, and NX600). Specifically, crafted input provided by an authenticated attacker with administrative privileges can be executed as part of an operating system command.

This means that the attacker can inject and run arbitrary commands on the device's operating system through the CLI, exploiting the way input is processed.

Impact Analysis

An attacker exploiting this vulnerability can execute arbitrary commands on the affected device's operating system, which can compromise the device's confidentiality, integrity, and availability.

  • Confidentiality impact: Unauthorized access to sensitive information stored or processed by the device.
  • Integrity impact: Potential modification or corruption of device configurations or data.
  • Availability impact: Disruption or denial of service by executing commands that affect device operation.
Compliance Impact

I don't know

Detection Guidance

I don't know

Mitigation Strategies

I don't know

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-15519. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart