CVE-2025-15551

LAN Code Execution on TP-Link Archer MR200, Archer C20, TL-WR850N and TL-WR845N

CVSS 5.9 MEDIUMEPSS 0.4%CWE-95

The response coming from TP-Link Archer MR200 v5.2, C20 v5 and v6, TL-WR850N v3, and TL-WR845N v4 for any request is getting executed by the JavaScript function like eval directly without any check. Attackers can exploit this vulnerability via a Man-in-the-Middle (MitM) attack to execute JavaScript code on the router's admin web portal without the user's permission or knowledge.

CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:P/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N

Productos afectados

TP Link Systems Inc. · TL-WR845N v4 TP Link Systems Inc. · TL-WR850N v3 TP-Link Systems Inc. · Archer C20 v5 TP-Link Systems Inc. · Archer C20 v6 TP-Link Systems Inc. · Archer MR200 v5.2

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias