CVE-2025-15605
Published: 23 March 2026
Summary
CVE-2025-15605 is a high-severity Use of Hard-coded Cryptographic Key (CWE-321) vulnerability in TP-Link Archer NX200. Its CVSS base score is 7.3 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Unsecured Credentials (T1552). The CVE is ranked at the 6.9th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SC-12 (Cryptographic Key Establishment and Management) and SI-2 (Flaw Remediation).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
Directly prevents exploitation of hardcoded cryptographic keys by requiring secure key establishment, distribution, and management practices in the router's configuration mechanism.
Mitigates the vulnerability through timely flaw remediation via vendor-provided firmware updates that remove the hardcoded key.
Detects unauthorized modifications to configuration data and firmware through integrity verification mechanisms like cryptographic hashes.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The hardcoded key directly enables config decryption (T1602.002 Network Device Configuration Dump) and exposes unsecured credentials (T1552 Unsecured Credentials).
NVD Description
A hardcoded cryptographic key within the configuration mechanism on TP-Link Archer NX200, NX210, NX500 and NX600 enables decryption and re-encryption of device configuration data. An authenticated attacker may decrypt configuration files, modify them, and re-encrypt them, affecting the confidentiality and integrity of device configuration data.
Deeper analysis
CVE-2025-15605 involves a hardcoded cryptographic key in the configuration mechanism of TP-Link Archer NX200, NX210, NX500, and NX600 routers. This vulnerability enables decryption and re-encryption of device configuration data, compromising its confidentiality and integrity. Published on 2026-03-23, it carries a CVSS 3.1 base score of 7.3 (AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N) and is associated with CWE-321 (Use of Hard-coded Cryptographic Key) and CWE-798 (Use of Hard-coded Credentials).
An authenticated attacker with low privileges (PR:L) on an adjacent network (AV:A) can exploit this with low complexity and no user interaction. Successful exploitation allows the attacker to decrypt configuration files, make arbitrary modifications, and re-encrypt them, enabling tampering with sensitive data such as network settings, credentials, or administrative configurations.
Mitigation is available through firmware updates provided by TP-Link on their support pages for Archer NX200, NX210, NX500, and NX600 models. Additional details are outlined in TP-Link FAQ 5027.
Details
- CWE(s)