Description
A hardcoded cryptographic key within the configuration mechanism on TP-Link Archer NX200, NX210, NX500 and NX600 enables decryption and re-encryption of device configuration data. An authenticated attacker may decrypt configuration files, modify them, and re-encrypt them, affecting the confidentiality and integrity of device configuration data.
Published:
2026-03-23
Score:
8.5 High
EPSS:
< 1% Very Low
KEV:
No
Impact:
Confidentiality and Integrity Breach of Device Configuration
Action:
Immediate Patch
Analysis
Analysis and contextual insights are available on OpenCVE Cloud.
Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).
| Vendor | Product | Default status | Versions | ||||||
|---|---|---|---|---|---|---|---|---|---|
| TP-Link Systems Inc. | Archer NX600 v3.0 | unaffected |
|
||||||
| TP-Link Systems Inc. | Archer NX600 v2.0 | unaffected |
|
||||||
| TP-Link Systems Inc. | Archer NX600 v1.0 | unaffected |
|
||||||
| TP-Link Systems Inc. | Archer NX500 v2.0 | unaffected |
|
||||||
| TP-Link Systems Inc. | Archer NX500 v1.0 | unaffected |
|
||||||
| TP-Link Systems Inc. | Archer NX210 v3.0 | unaffected |
|
||||||
| TP-Link Systems Inc. | Archer NX210 v2.0 v2.20 | unaffected |
|
||||||
| TP-Link Systems Inc. | Archer NX200 v3.0 | unaffected |
|
||||||
| TP-Link Systems Inc. | Archer NX200 v2.20 | unaffected |
|
||||||
| TP-Link Systems Inc. | Archer NX200 v2.0 | unaffected |
|
||||||
| TP-Link Systems Inc. | Archer NX200 v1.0 | unaffected |
|
Configuration 1 [-]
| AND |
|
Configuration 2 [-]
| AND |
|
Configuration 3 [-]
| AND |
|
Configuration 4 [-]
| AND |
|
Configuration 5 [-]
| AND |
|
Configuration 6 [-]
| AND |
|
Configuration 7 [-]
| AND |
|
Configuration 8 [-]
| AND |
|
Configuration 9 [-]
| AND |
|
Configuration 10 [-]
| AND |
|
No data.
| Vendor | Product | Confidence | Versions | ||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
| Tp-link | Archer Nx200 V1.0 | 100% |
|
||||||||
| Tp-link | Archer Nx200 V2.0 | 100% |
|
||||||||
| Tp-link | Archer Nx200 V2.20 | 100% |
|
||||||||
| Tp-link | Archer Nx200 V3.0 | 100% |
|
||||||||
| Tp-link | Archer Nx210 V2.0 V2.20 | 100% |
|
||||||||
| Tp-link | Archer Nx210 V3.0 | 100% |
|
||||||||
| Tp-link | Archer Nx500 V1.0 | 100% |
|
||||||||
| Tp-link | Archer Nx500 V2.0 | 100% |
|
||||||||
| Tp-link | Archer Nx600 V1.0 | 100% |
|
||||||||
| Tp-link | Archer Nx600 V2.0 | 100% |
|
||||||||
| Tp-link | Archer Nx600 V3.0 | 100% |
|
Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .
Remediation
No vendor fix or workaround currently provided.
Additional remediation guidance may be available on OpenCVE Cloud.
Tracking
Sign in to view the affected projects.
Advisories
No advisories yet.
References
History
Tue, 31 Mar 2026 19:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Tp-link archer Nx200
Tp-link archer Nx200 Firmware Tp-link archer Nx210 Tp-link archer Nx210 Firmware Tp-link archer Nx500 Tp-link archer Nx500 Firmware Tp-link archer Nx600 Tp-link archer Nx600 Firmware |
|
| Weaknesses | CWE-798 | |
| CPEs | cpe:2.3:h:tp-link:archer_nx200:1.0:*:*:*:*:*:*:* cpe:2.3:h:tp-link:archer_nx200:2.0:*:*:*:*:*:*:* cpe:2.3:h:tp-link:archer_nx200:2.20:*:*:*:*:*:*:* cpe:2.3:h:tp-link:archer_nx200:3.0:*:*:*:*:*:*:* cpe:2.3:h:tp-link:archer_nx210:2.0:*:*:*:*:*:*:* cpe:2.3:h:tp-link:archer_nx210:2.20:*:*:*:*:*:*:* cpe:2.3:h:tp-link:archer_nx210:3.0:*:*:*:*:*:*:* cpe:2.3:h:tp-link:archer_nx500:1.0:*:*:*:*:*:*:* cpe:2.3:h:tp-link:archer_nx500:2.0:*:*:*:*:*:*:* cpe:2.3:h:tp-link:archer_nx600:1.0:*:*:*:*:*:*:* cpe:2.3:h:tp-link:archer_nx600:2.0:*:*:*:*:*:*:* cpe:2.3:h:tp-link:archer_nx600:3.0:*:*:*:*:*:*:* cpe:2.3:o:tp-link:archer_nx200_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:tp-link:archer_nx210_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:tp-link:archer_nx500_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:tp-link:archer_nx600_firmware:*:*:*:*:*:*:*:* |
|
| Vendors & Products |
Tp-link archer Nx200
Tp-link archer Nx200 Firmware Tp-link archer Nx210 Tp-link archer Nx210 Firmware Tp-link archer Nx500 Tp-link archer Nx500 Firmware Tp-link archer Nx600 Tp-link archer Nx600 Firmware |
|
| Metrics |
cvssV3_1
|
Tue, 24 Mar 2026 10:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Tp-link
Tp-link archer Nx200 V1.0 Tp-link archer Nx200 V2.0 Tp-link archer Nx200 V2.20 Tp-link archer Nx200 V3.0 Tp-link archer Nx210 V2.0 V2.20 Tp-link archer Nx210 V3.0 Tp-link archer Nx500 V1.0 Tp-link archer Nx500 V2.0 Tp-link archer Nx600 V1.0 Tp-link archer Nx600 V2.0 Tp-link archer Nx600 V3.0 |
|
| Vendors & Products |
Tp-link
Tp-link archer Nx200 V1.0 Tp-link archer Nx200 V2.0 Tp-link archer Nx200 V2.20 Tp-link archer Nx200 V3.0 Tp-link archer Nx210 V2.0 V2.20 Tp-link archer Nx210 V3.0 Tp-link archer Nx500 V1.0 Tp-link archer Nx500 V2.0 Tp-link archer Nx600 V1.0 Tp-link archer Nx600 V2.0 Tp-link archer Nx600 V3.0 |
Mon, 23 Mar 2026 19:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Mon, 23 Mar 2026 18:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | A hardcoded cryptographic key within the configuration mechanism on TP-Link Archer NX200, NX210, NX500 and NX600 enables decryption and re-encryption of device configuration data. An authenticated attacker may decrypt configuration files, modify them, and re-encrypt them, affecting the confidentiality and integrity of device configuration data. | |
| Title | Hardcoded Cryptographic Key in Configuration Encryption Mechanism on TP-Link Archer NX200, NX210, NX500 and NX600 | |
| Weaknesses | CWE-321 | |
| References |
|
|
| Metrics |
cvssV4_0
|
Subscriptions
Tp-link
Subscribe
Archer Nx200
Subscribe
Archer Nx200 Firmware
Subscribe
Archer Nx200 V1.0
Subscribe
Archer Nx200 V2.0
Subscribe
Archer Nx200 V2.20
Subscribe
Archer Nx200 V3.0
Subscribe
Archer Nx210
Subscribe
Archer Nx210 Firmware
Subscribe
Archer Nx210 V2.0 V2.20
Subscribe
Archer Nx210 V3.0
Subscribe
Archer Nx500
Subscribe
Archer Nx500 Firmware
Subscribe
Archer Nx500 V1.0
Subscribe
Archer Nx500 V2.0
Subscribe
Archer Nx600
Subscribe
Archer Nx600 Firmware
Subscribe
Archer Nx600 V1.0
Subscribe
Archer Nx600 V2.0
Subscribe
Archer Nx600 V3.0
Subscribe
MITRE
Status: PUBLISHED
Assigner: TPLink
Published:
Updated: 2026-03-24T03:56:03.860Z
Reserved: 2026-03-09T17:31:03.466Z
Link: CVE-2025-15605
Vulnrichment
Updated: 2026-03-23T19:07:25.221Z
NVD
Status : Analyzed
Published: 2026-03-23T18:16:24.067
Modified: 2026-03-31T19:04:37.933
Link: CVE-2025-15605
Redhat
No data.
OpenCVE Enrichment
Updated: 2026-04-02T07:59:25Z