TROYANOSYVIRUS
Voltar para CVEs

CVE-2025-15551

MEDIUM
5.6

Descricao

The response coming from TP-Link Archer MR200 v5.2, C20 v5 and v6, TL-WR850N v3, and TL-WR845N v4 for any request is getting executed by the JavaScript function like eval directly without any check. Attackers can exploit this vulnerability via a Man-in-the-Middle (MitM) attack to execute JavaScript code on the router's admin web portal without the user's permission or knowledge.

Detalhes CVE

Pontuacao CVSS v3.15.6
SeveridadeMEDIUM
Vetor CVSSCVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
Vetor de ataqueNETWORK
ComplexidadeHIGH
Privilegios necessariosNONE
Interacao do usuarioNONE
Publicado2/5/2026
Ultima modificacao4/22/2026
Fontenvd
Avistamentos honeypot0

Produtos afetados

tp-link:archer_c20tp-link:archer_c20_firmwaretp-link:archer_mr200tp-link:archer_mr200_firmwaretp-link:tl-wr845ntp-link:tl-wr845n_firmwaretp-link:tl-wr850ntp-link:tl-wr850n_firmware

Fraquezas (CWE)

CWE-95

Referencias

https://www.tp-link.com/en/support/download/archer-c20/v5/#Firmware(f23511db-6c3e-4e32-a477-6aa17d310630)
https://www.tp-link.com/en/support/download/archer-c20/v6/#Firmware(f23511db-6c3e-4e32-a477-6aa17d310630)
https://www.tp-link.com/en/support/download/archer-mr200/v5.20/#Firmware(f23511db-6c3e-4e32-a477-6aa17d310630)
https://www.tp-link.com/en/support/download/tl-wr845n/#Firmware(f23511db-6c3e-4e32-a477-6aa17d310630)
https://www.tp-link.com/in/support/download/archer-c20/v6/#Firmware(f23511db-6c3e-4e32-a477-6aa17d310630)
https://www.tp-link.com/in/support/download/archer-mr200/v5.20/#Firmware(f23511db-6c3e-4e32-a477-6aa17d310630)
https://www.tp-link.com/in/support/download/tl-wr845n/#Firmware(f23511db-6c3e-4e32-a477-6aa17d310630)
https://www.tp-link.com/in/support/download/tl-wr850n/#Firmware(f23511db-6c3e-4e32-a477-6aa17d310630)
https://www.tp-link.com/us/support/download/archer-c20/v5/#Firmware(f23511db-6c3e-4e32-a477-6aa17d310630)
https://www.tp-link.com/us/support/faq/4948/(f23511db-6c3e-4e32-a477-6aa17d310630)

Correlacoes IOC

Sem correlacoes registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.