CVE-2025-15517
Published: 23 March 2026
Summary
CVE-2025-15517 is a high-severity Missing Authentication for Critical Function (CWE-306) vulnerability in Tp-Link Archer Nx200. Its CVSS base score is 8.6 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 13.8% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-14 (Permitted Actions Without Identification or Authentication) and AC-3 (Access Enforcement).
Deeper analysis
CVE-2025-15517, published on 2026-03-23, is a missing authentication check vulnerability (CWE-306) in the HTTP server of TP-Link Archer NX200, NX210, NX500, and NX600 routers. The flaw affects certain CGI endpoints, enabling unauthenticated access to features intended exclusively for authenticated users. It carries a CVSS v3.1 base score of 8.1 (AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N).
An unauthenticated attacker on an adjacent network can exploit this low-complexity vulnerability without user interaction. Exploitation allows performance of privileged HTTP actions, such as firmware uploads and configuration operations, resulting in high confidentiality and integrity impacts.
TP-Link provides firmware updates for mitigation on dedicated support download pages for the Archer NX200, NX210, NX500, and NX600 models, along with additional guidance in their FAQ at https://www.tp-link.com/us/support/faq/5027/.
OWASP Top 10 for Web (2025)
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-208937
Vulnerability details
A missing authentication check in the HTTP server on TP-Link Archer NX200, NX210, NX500 and NX600 to certain cgi endpoints allows unauthenticated access intended for authenticated users. An attacker may perform privileged HTTP actions without authentication, including firmware upload and…
more
configuration operations.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Missing authentication in HTTP server CGI endpoints enables unauthenticated attackers to exploit public-facing router web application for privileged actions like firmware uploads and configuration changes.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Enforces approved authorizations for logical access to system resources, directly addressing the missing authentication check on privileged CGI endpoints.
Explicitly identifies and authorizes only specific actions without identification or authentication while monitoring unauthorized use, preventing unintended unauthenticated access to firmware upload and configuration operations.
Requires timely identification, reporting, and correction of flaws like the missing authentication check via firmware updates provided by the vendor.