CVE-2025-15605
Published: 23 March 2026
Summary
CVE-2025-15605 is a high-severity Use of Hard-coded Cryptographic Key (CWE-321) vulnerability in TP-Link Archer NX200. Its CVSS base score is 8.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Unsecured Credentials (T1552). The CVE ranks at the 3.1st percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SC-12 (Cryptographic Key Establishment and Management) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2025-15605 involves a hardcoded cryptographic key in the configuration mechanism of TP-Link Archer NX200, NX210, NX500, and NX600 routers. This vulnerability enables decryption and re-encryption of device configuration data, compromising its confidentiality and integrity. Published on 2026-03-23, it carries a CVSS 3.1 base score of 7.3 (AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N) and is associated with CWE-321 (Use of Hard-coded Cryptographic Key) and CWE-798 (Use of Hard-coded Credentials).
An authenticated attacker with low privileges (PR:L) on an adjacent network (AV:A) can exploit this with low complexity and no user interaction. Successful exploitation allows the attacker to decrypt configuration files, make arbitrary modifications, and re-encrypt them, enabling tampering with sensitive data such as network settings, credentials, or administrative configurations.
Mitigation is available through firmware updates provided by TP-Link on their support pages for Archer NX200, NX210, NX500, and NX600 models. Additional details are outlined in TP-Link FAQ 5027.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-208943
Vulnerability details
A hardcoded cryptographic key within the configuration mechanism on TP-Link Archer NX200, NX210, NX500 and NX600 enables decryption and re-encryption of device configuration data. An authenticated attacker may decrypt configuration files, modify them, and re-encrypt them, affecting the confidentiality and integrity of device configuration data.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Hardcoded key directly enables config decryption (T1602.002 Network Device Configuration Dump) and exposes unsecured credentials (T1552 Unsecured Credentials).
Mitigating Controls
Mitigating Controls (NIST 800-53 r5)
Directly prevents exploitation of hardcoded cryptographic keys by requiring secure key establishment, distribution, and management practices in the router's configuration mechanism.
Mitigates the vulnerability through timely flaw remediation via vendor-provided firmware updates that remove the hardcoded key.
Detects unauthorized modifications to configuration data and firmware through integrity verification mechanisms like cryptographic hashes.
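The following added example (not TP-Link code and not taken from the advisory) illustrates why a key shared by every unit gives no integrity protection, and how a per-device key or an off-device hash baseline closes that gap. The real configuration format is not described on this page, so the protection is modelled as a simple HMAC-SHA256 tag; the key, the sample configuration and all function names are constructed for illustration.

```python
import hashlib
import hmac
import secrets
from typing import Optional

# Constructed stand-in for a key baked into every firmware image (not a real key).
FIRMWARE_WIDE_KEY = b"constructed-demo-key-same-on-all-units"


def seal(config: bytes, key: bytes) -> bytes:
    """Return the config with a 32-byte HMAC-SHA256 tag prepended."""
    return hmac.new(key, config, hashlib.sha256).digest() + config


def open_sealed(blob: bytes, key: bytes) -> Optional[bytes]:
    """Return the config if the tag verifies under key, else None."""
    tag, config = blob[:32], blob[32:]
    expected = hmac.new(key, config, hashlib.sha256).digest()
    return config if hmac.compare_digest(tag, expected) else None


def per_device_key(device_secret: bytes) -> bytes:
    """Derive a config key from a secret unique to one unit (assumed to exist)."""
    return hmac.new(device_secret, b"config-protection-v1", hashlib.sha256).digest()


def demo() -> dict:
    original = b"admin_user=admin\nremote_mgmt=off\n"  # constructed sample config
    modified = b"admin_user=admin\nremote_mgmt=on\n"   # same config after an edit

    # Weak design: the key is identical on every unit, so a blob re-sealed
    # after modification still verifies and the device accepts it.
    resealed_shared = seal(modified, FIRMWARE_WIDE_KEY)
    weak_accepts = open_sealed(resealed_shared, FIRMWARE_WIDE_KEY) == modified

    # SC-12 style design: the device verifies with its own key, so a blob
    # sealed with any other key (here the firmware-wide one) is rejected.
    device_key = per_device_key(secrets.token_bytes(32))
    strong_accepts = open_sealed(resealed_shared, device_key) is not None
    genuine_ok = open_sealed(seal(original, device_key), device_key) == original

    # Integrity baseline: a SHA-256 of the last known-good export, kept off
    # the device, flags the change no matter which key sealed the blob.
    baseline = hashlib.sha256(seal(original, FIRMWARE_WIDE_KEY)).hexdigest()
    drift = hashlib.sha256(resealed_shared).hexdigest() != baseline
    return {"weak_accepts": weak_accepts, "strong_accepts": strong_accepts,
            "genuine_ok": genuine_ok, "baseline_flags_change": drift}


if __name__ == "__main__":
    print(demo())
```
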