TROYANOSYVIRUS
Volver a CVEs

CVE-2025-15551

MEDIUM
5.6

Descripcion

The response coming from TP-Link Archer MR200 v5.2, C20 v5 and v6, TL-WR850N v3, and TL-WR845N v4 for any request is getting executed by the JavaScript function like eval directly without any check. Attackers can exploit this vulnerability via a Man-in-the-Middle (MitM) attack to execute JavaScript code on the router's admin web portal without the user's permission or knowledge.

Detalles CVE

Puntuacion CVSS v3.15.6
SeveridadMEDIUM
Vector CVSSCVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
Vector de ataqueNETWORK
ComplejidadHIGH
Privilegios requeridosNONE
Interaccion usuarioNONE
Publicado2/5/2026
Ultima modificacion4/22/2026
Fuentenvd
Avistamientos honeypot0

Productos afectados

tp-link:archer_c20tp-link:archer_c20_firmwaretp-link:archer_mr200tp-link:archer_mr200_firmwaretp-link:tl-wr845ntp-link:tl-wr845n_firmwaretp-link:tl-wr850ntp-link:tl-wr850n_firmware

Debilidades (CWE)

CWE-95

Referencias

https://www.tp-link.com/en/support/download/archer-c20/v5/#Firmware(f23511db-6c3e-4e32-a477-6aa17d310630)
https://www.tp-link.com/en/support/download/archer-c20/v6/#Firmware(f23511db-6c3e-4e32-a477-6aa17d310630)
https://www.tp-link.com/en/support/download/archer-mr200/v5.20/#Firmware(f23511db-6c3e-4e32-a477-6aa17d310630)
https://www.tp-link.com/en/support/download/tl-wr845n/#Firmware(f23511db-6c3e-4e32-a477-6aa17d310630)
https://www.tp-link.com/in/support/download/archer-c20/v6/#Firmware(f23511db-6c3e-4e32-a477-6aa17d310630)
https://www.tp-link.com/in/support/download/archer-mr200/v5.20/#Firmware(f23511db-6c3e-4e32-a477-6aa17d310630)
https://www.tp-link.com/in/support/download/tl-wr845n/#Firmware(f23511db-6c3e-4e32-a477-6aa17d310630)
https://www.tp-link.com/in/support/download/tl-wr850n/#Firmware(f23511db-6c3e-4e32-a477-6aa17d310630)
https://www.tp-link.com/us/support/download/archer-c20/v5/#Firmware(f23511db-6c3e-4e32-a477-6aa17d310630)
https://www.tp-link.com/us/support/faq/4948/(f23511db-6c3e-4e32-a477-6aa17d310630)

Correlaciones IOC

Sin correlaciones registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.