Vulnerability in Tp-link Systems Inc. Archer Nx200 V1.0

CVE-2025-15605

A hardcoded cryptographic key within the configuration mechanism on TP-Link Archer NX200, NX210, NX500 and NX600 enables decryption and re-encryption of device configuration data. An authenticated attacker may decrypt configuration files…

EPSS: 0.000 (7.2th percentile) — read the EPSS interpretation.

Affected products

Tp-link Systems Inc. Archer Nx200 V1.0 — versions 0
Tp-link Systems Inc. Archer Nx200 V2.0 — versions 0
Tp-link Systems Inc. Archer Nx200 V2.20 — versions 0
Tp-link Systems Inc. Archer Nx200 V3.0 — versions 0
Tp-link Systems Inc. Archer Nx210 V2.0 V2.20 — versions 0
Tp-link Systems Inc. Archer Nx210 V3.0 — versions 0
Tp-link Systems Inc. Archer Nx500 V1.0 — versions 0
Tp-link Systems Inc. Archer Nx500 V2.0 — versions 0
Tp-link Systems Inc. Archer Nx600 V1.0 — versions 0
Tp-link Systems Inc. Archer Nx600 V2.0 — versions 0

Weakness classification (CWE)

CWE-321 — Use of Hard-coded Cryptographic Key

References

www.tp-link.com/en/support/download/archer-nx200/ (patch)
www.tp-link.com/en/support/download/archer-nx210/ (patch)
www.tp-link.com/en/support/download/archer-nx500/ (patch)
www.tp-link.com/en/support/download/archer-nx600/ (patch)
www.tp-link.com/us/support/faq/5027/ (vendor-advisory)