Critical TP-Link Archer NX flaws let hackers bypass login and upload new firmware

TP-Link has disclosed critical vulnerabilities affecting its TP-Link Archer NX series routers, which are highly popular in Europe, and is urging users to update their firmware. Attackers can bypass authentication and even upload new firmware.
Four highly severe flaws plague TP-Link Archer NX200, NX210, NX500, and NX600 routers. These products combine 5G cellular connectivity with the WiFi 6/AX standard.
While TP-Link says these routers aren't sold in the US, they’re highly popular in Europe. For example, on Amazon in Germany, where the market is dominated by local AVM Fritzbox routers, the TP-Link NX200 is the 12th-best-selling router.
According to TP-Link’s security advisory, certain parts of the routers’ admin panel can be accessed without any login. This means that attackers can perform some privileged operations.
“A missing authentication check in the HTTP server to certain CGI endpoints allows unauthenticated access intended for authenticated users. An attacker may perform privileged HTTP actions without authentication, including firmware upload and configuration operations,” the description states.
The vulnerability, tracked as CVE-2025-15517, has an 8.6 out of 10 severity rating.
Additional vulnerabilities enable hackers who have gained admin access to run commands at the OS level, beyond what the router was designed to allow. This could lead to the deployment of hidden malware and backdoors.
“Improper input handling in an administrative CLI command allows crafted input to be executed as part of an OS command. An authenticated attacker with administrative privileges may execute arbitrary commands on the operating system, impacting confidentiality, integrity, and availability of the device,” TP-Link explains in the advisory.
Even encrypted configuration data isn’t safe, because it can be unlocked using a hardcoded cryptographic key.
“An authenticated attacker may decrypt configuration files, modify them, and re-encrypt them, affecting confidentiality and integrity of device configuration data,” TP-Link acknowledges.
The vulnerabilities affect Archer NX200 hardware versions v1.0, v2.0, v2.20, and v3.0, NX210 versions v2.0, v2.20, and v3.0, NX500 versions v1.0 and v2.0, and Archer NX600 versions v1.0, v2.0, and v3.0.
TP-Link “strongly recommends” users download and update to the latest firmware versions to fix the vulnerabilities.
“If you do not take all recommended actions, this vulnerability will remain. TP-Link cannot bear any responsibility for consequences that could have been avoided by following this advisory,” the advisory reads.
The vendor credited Saifeldeen Aziz (@wr3nchsr) of CyShield Security R&D for reporting the vulnerabilities.