CVE-2025-6982

EUVD-2025-21738
Use of Hard-coded Credentials in TP-Link Archer C50 V3(

<=

180703)/V4(



<=

250117

)/V5(



<=

200407

), and C20 V5 (<US_V5_260419 or <EU_V5_260317) allows attackers to decrypt the config.xml files.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
UNKNOWN
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 27%
Common Weakness Enumeration
References
https://www.tp-link.com/en/support/download/archer-c20/v5/#Firmware
https://www.tp-link.com/us/support/download/archer-c20/v5/#Firmware
https://www.tp-link.com/us/support/faq/4538/
https://www.kb.cert.org/vuls/id/554637