← Retour aux CVEs
CVE-2025-15551
MEDIUM5.6
Description
The response coming from TP-Link Archer MR200 v5.2, C20 v6, TL-WR850N v3, and TL-WR845N v4 for any request is getting executed by the JavaScript function like eval directly without any check. Attackers can exploit this vulnerability via a Man-in-the-Middle (MitM) attack to execute JavaScript code on the router's admin web portal without the user's permission or knowledge.
Details CVE
Score CVSS v3.15.6
SeveriteMEDIUM
Vecteur CVSSCVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
Vecteur d'attaqueNETWORK
ComplexiteHIGH
Privileges requisNONE
Interaction utilisateurNONE
Publie2/5/2026
Derniere modification2/12/2026
Sourcenvd
Observations honeypot0
Produits affectes
tp-link:archer_c20tp-link:archer_c20_firmwaretp-link:archer_mr200tp-link:archer_mr200_firmwaretp-link:tl-wr845ntp-link:tl-wr845n_firmwaretp-link:tl-wr850ntp-link:tl-wr850n_firmware
Faiblesses (CWE)
CWE-95
References
https://www.tp-link.com/en/support/download/archer-c20/v6/#Firmware(f23511db-6c3e-4e32-a477-6aa17d310630)
https://www.tp-link.com/en/support/download/archer-mr200/v5.20/#Firmware(f23511db-6c3e-4e32-a477-6aa17d310630)
https://www.tp-link.com/en/support/download/tl-wr845n/#Firmware(f23511db-6c3e-4e32-a477-6aa17d310630)
https://www.tp-link.com/in/support/download/archer-c20/v6/#Firmware(f23511db-6c3e-4e32-a477-6aa17d310630)
https://www.tp-link.com/in/support/download/archer-mr200/v5.20/#Firmware(f23511db-6c3e-4e32-a477-6aa17d310630)
https://www.tp-link.com/in/support/download/tl-wr845n/#Firmware(f23511db-6c3e-4e32-a477-6aa17d310630)
https://www.tp-link.com/in/support/download/tl-wr850n/#Firmware(f23511db-6c3e-4e32-a477-6aa17d310630)
https://www.tp-link.com/us/support/faq/4948/(f23511db-6c3e-4e32-a477-6aa17d310630)
Correlations IOC
Aucune correlation enregistree
This product uses data from the NVD API but is not endorsed or certified by the NVD.