CVE-2025-15605
EUVD-2025-20894323.03.2026, 18:16
A hardcoded cryptographic key within the configuration mechanism on TP-Link Archer NX200, NX210, NX500 and NX600 enables decryption and re-encryption of device configuration data. An authenticated attacker may decrypt configuration files, modify them, and re-encrypt them, affecting the confidentiality and integrity of device configuration data.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| tp-link | archer_nx600_firmware | 𝑥 < 1.3.0 |
| tp-link | archer_nx500_firmware | 𝑥 < 1.5.0 |
| tp-link | archer_nx210_firmware | 𝑥 < 1.3.0 |
| tp-link | archer_nx200_firmware | 𝑥 < 1.3.0 |
| tp-link | archer_nx600_firmware | 𝑥 < 1.3.0 |
| tp-link | archer_nx600_firmware | 𝑥 < 1.4.0 |
| tp-link | archer_nx500_firmware | 𝑥 < 1.3.0 |
| tp-link | archer_nx210_firmware | 𝑥 < 1.3.0 |
| tp-link | archer_nx200_firmware | 𝑥 < 1.3.0 |
| tp-link | archer_nx200_firmware | 𝑥 < 1.8.0 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-321 - Use of Hard-coded Cryptographic KeyThe use of a hard-coded cryptographic key significantly increases the possibility that encrypted data may be recovered.
- CWE-798 - Use of Hard-coded CredentialsThe software contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.
References