TP Link Archer NX under critical vulnerability threat that allows you to upload firmware and modify the configuration without authentication

TP-Link has released security updates to correct multiple failures in its Archer NX router family, including one of critical gravity that could allow an attacker to skip authentication and upload malicious firmware. The main problem, recorded as CVE-2025-15517, affects models such as Archer NX200, NX210, NX500 and NX600 and is due to the absence of authenticity verification on certain endpoints of the HTTP server of the computer.

In practical terms, this verification omission allows requests thought only for management or authenticated users to be executed by anyone who reaches the vulnerable interface. Among the actions that an attacker could do without being authenticated are the firmware load and the modification of configuration parameters, with all that implies: from installing persistent backdoors to changing DNS and redirecting or manipulating the traffic of devices in a domestic or small office.

The correction of this failure was not the only one: TP-Link also removed a cryptographic key embedded in the configuration mechanism that allowed an attacker with credentials to decipher configuration files, alter them and reencrypt them - a documented weakness in another entry of the fault family -. In addition, the company provided the injection vulnerabilities of commands that, in the hands of a committed administrator, made it possible to execute arbitrary commands on the system.

The official recommendation is clear and repeated: update firmware from official sources as soon as possible. TP-Link has posted ads and patches on its safety portal; downloading and installing the right version for the specific router model is the most direct way to block holdings that take advantage of these holes. If you need to focus on the official page where to find notices and downloads, TP-Link has a security warning center on your website ( TP-Link Security Advisory).

This episode is not isolated in the company's trajectory: in previous months vulnerabilities were detected and exploited that allowed for intercepting unencrypted traffic, redirecting DNS consultations and clicking web sessions. The U.S. agency CISA recently included several TP-Link device failures in its catalogue of known vulnerabilities exploited in nature; in September it added two failures to that catalogue and warned about real campaigns that take advantage of these weaknesses ( CISA statement). If you want to see the full list of TP-Link entries in the CISA catalogue you can do it here: Known Exploited Vulnerabilities (looking for "TP-Link").

For users and administrators who do not manage large deployments, there are immediate measures that should be taken in addition to applying the patch: check in the router interface that the installed version corresponds exactly to the model, always download firmware from the manufacturer's official website, disable remote management if not necessary and review administrative credentials by replacing passwords with other robust and unique ones. CISA offers general recommendations to protect domestic and small office network devices that are useful as security checklist: CISA Guide on the Safety of Domestic Devices.

Beyond the spot patch, the case raises questions about the responsibility of manufacturers and the practice of embed key or leave no controls in network equipment software. The repeated exposure to critical vulnerabilities and the finding of real holdings have motivated, in addition to technical notices, legal and regulatory actions in some countries. In the United States, for example, the history of consumer router failures has become public scrutiny and demands, a reminder that firmware safety and product life cycle are aspects of concern to both consumers and regulators.

If you have one of the models affected, Don't delay it.: locate the router update section, compare the available version with the latest one published by TP-Link and apply the update following the manufacturer's instructions. If you are not sure how to do it or detect strange behaviors (unexpected restarts, configuration changes, DNS readdresses), consider restoring the equipment to factory values and reconfigure from scratch after updating, and if appropriate, contact the TP-Link support or a trusted professional.

The lesson is simple but important: a router is not an electric home anymore, it is the gateway to the home network. Keeping your software up to date and applying basic good management practices can prevent such a failure from becoming a sustained intrusion or a support point for large-scale campaigns.