{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-15519", "assignerOrgId": "f23511db-6c3e-4e32-a477-6aa17d310630", "state": "PUBLISHED", "assignerShortName": "TPLink", "dateReserved": "2026-01-13T19:45:17.342Z", "datePublished": "2026-03-23T18:01:50.036Z", "dateUpdated": "2026-03-24T03:56:00.901Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "f23511db-6c3e-4e32-a477-6aa17d310630", "shortName": "TPLink", "dateUpdated": "2026-03-23T18:01:50.036Z"}, "title": "Command Injection in Modem Management CLI on TP-Link Archer NX200, NX210, NX500 and NX600", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-78", "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", "type": "CWE"}]}], "impacts": [{"capecId": "CAPEC-88", "descriptions": [{"lang": "en", "value": "CAPEC-88 OS Command Injection"}]}], "affected": [{"vendor": "TP-Link Systems Inc.", "product": "Archer NX600 v3.0", "platforms": ["Linux"], "versions": [{"status": "affected", "version": "0", "lessThan": "1.3.0 Build 260309", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "TP-Link Systems Inc.", "product": "Archer NX600 v2.0", "platforms": ["Linux"], "versions": [{"status": "affected", "version": "0", "lessThan": "1.3.0 Build 260311", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "TP-Link Systems Inc.", "product": "Archer NX600 v1.0", "platforms": ["Linux"], "versions": [{"status": "affected", "version": "0", "lessThan": "1.4.0 Build 260311", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "TP-Link Systems Inc.", "product": "Archer NX500 v2.0", "platforms": ["Linux"], "versions": [{"status": "affected", "version": "0", "lessThan": "< 1.5.0 Build 260309", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "TP-Link Systems Inc.", "product": "Archer NX500 v1.0", "platforms": ["Linux"], "versions": [{"status": "affected", "version": "0", "lessThan": "1.3.0 Build 260311", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "TP-Link Systems Inc.", "product": "Archer NX210 v3.0", "platforms": ["Linux"], "versions": [{"status": "affected", "version": "0", "lessThan": "1.3.0 Build 260309", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "TP-Link Systems Inc.", "product": "Archer NX210 v2.0 v2.20", "platforms": ["Linux"], "versions": [{"status": "affected", "version": "0", "lessThan": "1.3.0 Build 260311", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "TP-Link Systems Inc.", "product": "Archer NX200 v3.0", "platforms": ["Linux"], "versions": [{"status": "affected", "version": "0", "lessThan": "< 1.3.0 Build 260309", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "TP-Link Systems Inc.", "product": "Archer NX200 v2.20", "platforms": ["Linux"], "versions": [{"status": "affected", "version": "0", "lessThan": "1.3.0 Build 260311", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "TP-Link Systems Inc.", "product": "Archer NX200 v2.0", "platforms": ["Linux"], "versions": [{"status": "affected", "version": "0", "lessThan": "1.3.0 Build 260311", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "TP-Link Systems Inc.", "product": "Archer NX200 v1.0", "platforms": ["Linux"], "versions": [{"status": "affected", "version": "0", "lessThan": "1.8.0 Build 260311", "versionType": "custom"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "Improper input handling in a modem-management administrative CLI command on TP-Link Archer NX200, NX210, NX500 and NX600 allows crafted input to be executed as part of an operating system command. An authenticated attacker with administrative privileges may execute arbitrary commands on the operating system, impacting the confidentiality, integrity, and availability of the device.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "Improper input handling in a modem-management administrative CLI command on TP-Link Archer NX200, NX210, NX500 and NX600 allows crafted input to be executed as part of an operating system command. An authenticated attacker with administrative privileges may execute arbitrary commands on the operating system, impacting the confidentiality, integrity, and availability of the device."}]}], "references": [{"url": "https://www.tp-link.com/en/support/download/archer-nx200/#Firmware", "tags": ["patch"]}, {"url": "https://www.tp-link.com/en/support/download/archer-nx210/#Firmware", "tags": ["patch"]}, {"url": "https://www.tp-link.com/en/support/download/archer-nx500/#Firmware", "tags": ["patch"]}, {"url": "https://www.tp-link.com/en/support/download/archer-nx600/#Firmware", "tags": ["patch"]}, {"url": "https://www.tp-link.com/us/support/faq/5027/", "tags": ["vendor-advisory"]}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV4_0": {"attackVector": "ADJACENT", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "HIGH", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "subIntegrityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "version": "4.0", "baseSeverity": "HIGH", "baseScore": 8.5, "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"}}], "credits": [{"lang": "en", "value": "Saifeldeen Aziz from Cyshield", "type": "finder"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.5.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-23T00:00:00+00:00", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3", "id": "CVE-2025-15519"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-24T03:56:00.901Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-15519", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-03-23T19:06:17.689788Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-23T19:07:23.210Z"}}], "cna": {"title": "Command Injection in Modem Management CLI on TP-Link Archer NX200, NX210, NX500 and NX600", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "Saifeldeen Aziz from Cyshield"}], "impacts": [{"capecId": "CAPEC-88", "descriptions": [{"lang": "en", "value": "CAPEC-88 OS Command Injection"}]}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.5, "Automatable": "NOT_DEFINED", "attackVector": "ADJACENT", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "HIGH", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "TP-Link Systems Inc.", "product": "Archer NX600 v3.0", "versions": [{"status": "affected", "version": "0", "lessThan": "1.3.0 Build 260309", "versionType": "custom"}], "platforms": ["Linux"], "defaultStatus": "unaffected"}, {"vendor": "TP-Link Systems Inc.", "product": "Archer NX600 v2.0", "versions": [{"status": "affected", "version": "0", "lessThan": "1.3.0 Build 260311", "versionType": "custom"}], "platforms": ["Linux"], "defaultStatus": "unaffected"}, {"vendor": "TP-Link Systems Inc.", "product": "Archer NX600 v1.0", "versions": [{"status": "affected", "version": "0", "lessThan": "1.4.0 Build 260311", "versionType": "custom"}], "platforms": ["Linux"], "defaultStatus": "unaffected"}, {"vendor": "TP-Link Systems Inc.", "product": "Archer NX500 v2.0", "versions": [{"status": "affected", "version": "0", "lessThan": "< 1.5.0 Build 260309", "versionType": "custom"}], "platforms": ["Linux"], "defaultStatus": "unaffected"}, {"vendor": "TP-Link Systems Inc.", "product": "Archer NX500 v1.0", "versions": [{"status": "affected", "version": "0", "lessThan": "1.3.0 Build 260311", "versionType": "custom"}], "platforms": ["Linux"], "defaultStatus": "unaffected"}, {"vendor": "TP-Link Systems Inc.", "product": "Archer NX210 v3.0", "versions": [{"status": "affected", "version": "0", "lessThan": "1.3.0 Build 260309", "versionType": "custom"}], "platforms": ["Linux"], "defaultStatus": "unaffected"}, {"vendor": "TP-Link Systems Inc.", "product": "Archer NX210 v2.0 v2.20", "versions": [{"status": "affected", "version": "0", "lessThan": "1.3.0 Build 260311", "versionType": "custom"}], "platforms": ["Linux"], "defaultStatus": "unaffected"}, {"vendor": "TP-Link Systems Inc.", "product": "Archer NX200 v3.0", "versions": [{"status": "affected", "version": "0", "lessThan": "< 1.3.0 Build 260309", "versionType": "custom"}], "platforms": ["Linux"], "defaultStatus": "unaffected"}, {"vendor": "TP-Link Systems Inc.", "product": "Archer NX200 v2.20", "versions": [{"status": "affected", "version": "0", "lessThan": "1.3.0 Build 260311", "versionType": "custom"}], "platforms": ["Linux"], "defaultStatus": "unaffected"}, {"vendor": "TP-Link Systems Inc.", "product": "Archer NX200 v2.0", "versions": [{"status": "affected", "version": "0", "lessThan": "1.3.0 Build 260311", "versionType": "custom"}], "platforms": ["Linux"], "defaultStatus": "unaffected"}, {"vendor": "TP-Link Systems Inc.", "product": "Archer NX200 v1.0", "versions": [{"status": "affected", "version": "0", "lessThan": "1.8.0 Build 260311", "versionType": "custom"}], "platforms": ["Linux"], "defaultStatus": "unaffected"}], "references": [{"url": "https://www.tp-link.com/en/support/download/archer-nx200/#Firmware", "tags": ["patch"]}, {"url": "https://www.tp-link.com/en/support/download/archer-nx210/#Firmware", "tags": ["patch"]}, {"url": "https://www.tp-link.com/en/support/download/archer-nx500/#Firmware", "tags": ["patch"]}, {"url": "https://www.tp-link.com/en/support/download/archer-nx600/#Firmware", "tags": ["patch"]}, {"url": "https://www.tp-link.com/us/support/faq/5027/", "tags": ["vendor-advisory"]}], "x_generator": {"engine": "Vulnogram 0.5.0"}, "descriptions": [{"lang": "en", "value": "Improper input handling in a modem-management administrative CLI command on TP-Link Archer NX200, NX210, NX500 and NX600 allows crafted input to be executed as part of an operating system command. An authenticated attacker with administrative privileges may execute arbitrary commands on the operating system, impacting the confidentiality, integrity, and availability of the device.", "supportingMedia": [{"type": "text/html", "value": "Improper input handling in a modem-management administrative CLI command on TP-Link Archer NX200, NX210, NX500 and NX600 allows crafted input to be executed as part of an operating system command. An authenticated attacker with administrative privileges may execute arbitrary commands on the operating system, impacting the confidentiality, integrity, and availability of the device.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-78", "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')"}]}], "providerMetadata": {"orgId": "f23511db-6c3e-4e32-a477-6aa17d310630", "shortName": "TPLink", "dateUpdated": "2026-03-23T18:01:50.036Z"}}}, "cveMetadata": {"cveId": "CVE-2025-15519", "state": "PUBLISHED", "dateUpdated": "2026-03-24T03:56:00.901Z", "dateReserved": "2026-01-13T19:45:17.342Z", "assignerOrgId": "f23511db-6c3e-4e32-a477-6aa17d310630", "datePublished": "2026-03-23T18:01:50.036Z", "assignerShortName": "TPLink"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:tp-link:archer_nx600_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "77429691-1193-4480-A64E-E1FB19D6A073", "versionEndExcluding": "1.3.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:tp-link:archer_nx600:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "58132EDD-47B7-4E46-B280-FE58A920AE43", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:tp-link:archer_nx500_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "70EF52E9-1D92-4778-99C5-3B76B81681FA", "versionEndExcluding": "1.5.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:tp-link:archer_nx500:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "40D78DBB-CAEA-4C2E-B703-2898B73A0A5E", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:tp-link:archer_nx210_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "22EA51B1-332E-48BB-BDBA-09A99ECB942F", "versionEndExcluding": "1.3.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:tp-link:archer_nx210:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "DA336E76-7910-4780-BCA0-1DA2AA7F9418", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:tp-link:archer_nx200_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "48125D02-70B1-4448-BB33-4759FF0E3936", "versionEndExcluding": "1.3.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:tp-link:archer_nx200:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "BD6E8279-6E92-47B5-9EEB-CD83355EF693", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:tp-link:archer_nx600_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "77429691-1193-4480-A64E-E1FB19D6A073", "versionEndExcluding": "1.3.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:tp-link:archer_nx600:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "D75A95F3-D299-4037-A755-A6818169762F", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:tp-link:archer_nx600_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "34DC2394-8F53-4C1C-A2AC-E23CE5CB6D2F", "versionEndExcluding": "1.4.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:tp-link:archer_nx600:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "0D20EAF3-A85A-42B1-AF19-D72292523593", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:tp-link:archer_nx500_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "1EC93BA6-FB10-4993-838A-C82FA984B6BB", "versionEndExcluding": "1.3.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:tp-link:archer_nx500:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "581891F1-F50F-49B0-AB3D-B56ECF43F78B", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:tp-link:archer_nx210_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "22EA51B1-332E-48BB-BDBA-09A99ECB942F", "versionEndExcluding": "1.3.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:tp-link:archer_nx210:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "0C230FE9-FBA9-4DAB-B7C1-2A270F57915C", "vulnerable": false}, {"criteria": "cpe:2.3:h:tp-link:archer_nx210:2.20:*:*:*:*:*:*:*", "matchCriteriaId": "FA0FC692-C2F1-4C0C-9502-84852BDCD7E3", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:tp-link:archer_nx200_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "48125D02-70B1-4448-BB33-4759FF0E3936", "versionEndExcluding": "1.3.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:tp-link:archer_nx200:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "A953B18E-F832-4EE9-8821-4F60DC031715", "vulnerable": false}, {"criteria": "cpe:2.3:h:tp-link:archer_nx200:2.20:*:*:*:*:*:*:*", "matchCriteriaId": "10E43B48-2BA2-45ED-9C43-AAD2B021B3D4", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:tp-link:archer_nx200_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "98759C1B-F1B7-4EAC-BC4B-998ACB4B0C0B", "versionEndExcluding": "1.8.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:tp-link:archer_nx200:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "4D2C0169-5369-42A5-B4E3-E7DBED807789", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Improper input handling in a modem-management administrative CLI command on TP-Link Archer NX200, NX210, NX500 and NX600 allows crafted input to be executed as part of an operating system command. An authenticated attacker with administrative privileges may execute arbitrary commands on the operating system, impacting the confidentiality, integrity, and availability of the device."}, {"lang": "es", "value": "Manejo inadecuado de entradas en un comando CLI administrativo de gesti\u00f3n de m\u00f3dem en TP-Link Archer NX200, NX210, NX500 y NX600 permite que una entrada manipulada sea ejecutada como parte de un comando del sistema operativo. Un atacante autenticado con privilegios administrativos puede ejecutar comandos arbitrarios en el sistema operativo, afectando la confidencialidad, integridad y disponibilidad del dispositivo."}], "id": "CVE-2025-15519", "lastModified": "2026-03-31T19:04:48.637", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "ADJACENT", "availabilityRequirement": "NOT_DEFINED", "baseScore": 8.5, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "HIGH", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "f23511db-6c3e-4e32-a477-6aa17d310630", "type": "Secondary"}]}, "published": "2026-03-23T18:16:23.840", "references": [{"source": "f23511db-6c3e-4e32-a477-6aa17d310630", "tags": ["Product"], "url": "https://www.tp-link.com/en/support/download/archer-nx200/#Firmware"}, {"source": "f23511db-6c3e-4e32-a477-6aa17d310630", "tags": ["Product"], "url": "https://www.tp-link.com/en/support/download/archer-nx210/#Firmware"}, {"source": "f23511db-6c3e-4e32-a477-6aa17d310630", "tags": ["Product"], "url": "https://www.tp-link.com/en/support/download/archer-nx500/#Firmware"}, {"source": "f23511db-6c3e-4e32-a477-6aa17d310630", "tags": ["Product"], "url": "https://www.tp-link.com/en/support/download/archer-nx600/#Firmware"}, {"source": "f23511db-6c3e-4e32-a477-6aa17d310630", "tags": ["Vendor Advisory"], "url": "https://www.tp-link.com/us/support/faq/5027/"}], "sourceIdentifier": "f23511db-6c3e-4e32-a477-6aa17d310630", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-78"}], "source": "f23511db-6c3e-4e32-a477-6aa17d310630", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": ["linux"], "status": "affected", "versions": {"scheme": "generic", "value": "[0,1.8.0 Build 260311)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "manual", "scores": [{"score": 100.0, "source": "manual"}]}, "original": {"product": "Archer NX200 v1.0", "source": "cna", "vendor": "TP-Link Systems Inc."}, "product": "archer_nx200_v1.0", "vendor": "tp-link"}, {"configurations": [{"platform": ["linux"], "status": "affected", "versions": {"scheme": "generic", "value": "[0,1.3.0 Build 260311)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "manual", "scores": [{"score": 100.0, "source": "manual"}]}, "original": {"product": "Archer NX200 v2.0", "source": "cna", "vendor": "TP-Link Systems Inc."}, "product": "archer_nx200_v2.0", "vendor": "tp-link"}, {"configurations": [{"platform": ["linux"], "status": "affected", "versions": {"scheme": "generic", "value": "[0,1.3.0 Build 260311)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "manual", "scores": [{"score": 100.0, "source": "manual"}]}, "original": {"product": "Archer NX200 v2.20", "source": "cna", "vendor": "TP-Link Systems Inc."}, "product": "archer_nx200_v2.20", "vendor": "tp-link"}, {"configurations": [{"platform": ["linux"], "status": "affected", "versions": {"scheme": "generic", "value": "[0,1.3.0 Build 260309)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "manual", "scores": [{"score": 100.0, "source": "manual"}]}, "original": {"product": "Archer NX200 v3.0", "source": "cna", "vendor": "TP-Link Systems Inc."}, "product": "archer_nx200_v3.0", "vendor": "tp-link"}, {"configurations": [{"platform": ["linux"], "status": "affected", "versions": {"scheme": "generic", "value": "[0,1.3.0 Build 260311)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "manual", "scores": [{"score": 100.0, "source": "manual"}]}, "original": {"product": "Archer NX210 v2.0 v2.20", "source": "cna", "vendor": "TP-Link Systems Inc."}, "product": "archer_nx210_v2.0_v2.20", "vendor": "tp-link"}, {"configurations": [{"platform": ["linux"], "status": "affected", "versions": {"scheme": "generic", "value": "[0,1.3.0 Build 260309)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "manual", "scores": [{"score": 100.0, "source": "manual"}]}, "original": {"product": "Archer NX210 v3.0", "source": "cna", "vendor": "TP-Link Systems Inc."}, "product": "archer_nx210_v3.0", "vendor": "tp-link"}, {"configurations": [{"platform": ["linux"], "status": "affected", "versions": {"scheme": "generic", "value": "[0,1.3.0 Build 260311)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "manual", "scores": [{"score": 100.0, "source": "manual"}]}, "original": {"product": "Archer NX500 v1.0", "source": "cna", "vendor": "TP-Link Systems Inc."}, "product": "archer_nx500_v1.0", "vendor": "tp-link"}, {"configurations": [{"platform": ["linux"], "status": "affected", "versions": {"scheme": "generic", "value": "[0,1.5.0 Build 260309)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "manual", "scores": [{"score": 100.0, "source": "manual"}]}, "original": {"product": "Archer NX500 v2.0", "source": "cna", "vendor": "TP-Link Systems Inc."}, "product": "archer_nx500_v2.0", "vendor": "tp-link"}, {"configurations": [{"platform": ["linux"], "status": "affected", "versions": {"scheme": "generic", "value": "[0,1.4.0 Build 260311)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "manual", "scores": [{"score": 100.0, "source": "manual"}]}, "original": {"product": "Archer NX600 v1.0", "source": "cna", "vendor": "TP-Link Systems Inc."}, "product": "archer_nx600_v1.0", "vendor": "tp-link"}, {"configurations": [{"platform": ["linux"], "status": "affected", "versions": {"scheme": "generic", "value": "[0,1.3.0 Build 260311)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "manual", "scores": [{"score": 100.0, "source": "manual"}]}, "original": {"product": "Archer NX600 v2.0", "source": "cna", "vendor": "TP-Link Systems Inc."}, "product": "archer_nx600_v2.0", "vendor": "tp-link"}, {"configurations": [{"platform": ["linux"], "status": "affected", "versions": {"scheme": "generic", "value": "[0,1.3.0 Build 260309)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "manual", "scores": [{"score": 100.0, "source": "manual"}]}, "original": {"product": "Archer NX600 v3.0", "source": "cna", "vendor": "TP-Link Systems Inc."}, "product": "archer_nx600_v3.0", "vendor": "tp-link"}], "analysis": {"en": {"generated_at": "2026-04-01T03:25:10.248339+00:00", "value": {"mitigation_remediation": ["Update the firmware on all affected TP\u2011Link Archer NX200, NX210, NX500, and NX600 devices to the latest version available from TP\u2011Link support pages.", "If an update is not yet available, disable or lock down remote access to the modem\u2011management CLI and limit administrative credentials to trusted personnel.", "Continuously monitor device logs for unexpected command execution and configure alerts for anomalous activity."], "summary": {"action": "Apply Patch", "impact": "Arbitrary operating system command execution"}, "threat_synthesis": {"affected_systems": "The affected devices are TP\u2011Link Archer model series manufactured by TP\u2011Link Systems Inc. The vulnerable firmware versions are Archer\u202fNX200 v1.0, v2.0, v2.20 and v3.0; Archer\u202fNX210 v2.0, v2.20 and v3.0; Archer\u202fNX500 v1.0 and v2.0; and Archer\u202fNX600 v1.0, v2.0 and v3.0. Firmware updates or newer releases beyond these versions are not listed as affected.", "description_and_impact": "The vulnerability arises from improper sanitization of input in a modem\u2011management administrative CLI command. An attacker who is already authenticated with administrative privileges can supply specially crafted data that is passed directly to the underlying operating system shell. This results in arbitrary OS command execution, which can lead to compromise of confidentiality, integrity and availability of the device.", "risk_and_exploitability": "The CVSS score of 8.5 signals high severity. The EPSS score of less than 1% indicates that exploitation likelihood is presently low, and the vulnerability is not catalogued in CISA\u2019s KEV list. Because the flaw requires local or remote access to the modem management CLI with administrative rights, an attacker who has breached local network control or obtained credentials could execute arbitrary commands, blowing away system integrity and potentially allowing further lateral movement. Organizations should assess whether their networks expose the management interface to untrusted networks and enforce strict access controls."}}}}, "created": "2026-03-24T10:33:28.652002+00:00", "updated": "2026-04-02T07:59:26.319581+00:00", "vendors": ["tp-link", "tp-link$PRODUCT$archer_nx200_v1.0", "tp-link$PRODUCT$archer_nx200_v2.0", "tp-link$PRODUCT$archer_nx200_v2.20", "tp-link$PRODUCT$archer_nx200_v3.0", "tp-link$PRODUCT$archer_nx210_v2.0_v2.20", "tp-link$PRODUCT$archer_nx210_v3.0", "tp-link$PRODUCT$archer_nx500_v1.0", "tp-link$PRODUCT$archer_nx500_v2.0", "tp-link$PRODUCT$archer_nx600_v1.0", "tp-link$PRODUCT$archer_nx600_v2.0", "tp-link$PRODUCT$archer_nx600_v3.0"]}