Which versions of TP-Link are affected by CVE-2025-15518?

CVE-2025-15518 presents significant security risk, a OS command injection vulnerability rated CVSS 8.5.. A patch is available.

How to fix or mitigate CVE-2025-15518?

Within 7 days: Identify all affected systems and apply vendor patches promptly. Validate that input sanitization is in place for all user-controlled parameters.

TP-Link CVE-2025-15518

Q: What is the CVSS score of CVE-2025-15518?

CVE-2025-15518 has a CVSS 4.0 base score of 8.5 (High). CVSS vector: CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.0%.

EUVD-2025-208939 HIGH

OS Command Injection (CWE-78)

2026-03-23 TPLink

GHSA-6mq5-gjcx-rvxq

Command Injection TP-Link

8.5

CVSS 4.0

CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Adjacent

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Lifecycle Timeline

EUVD ID Assigned

Mar 23, 2026 - 18:15 euvd

EUVD-2025-208939

Analysis Generated

Mar 23, 2026 - 18:15 vuln.today

Patch released

Mar 23, 2026 - 18:15 nvd

Patch available

CVE Published

Mar 23, 2026 - 18:01 nvd

HIGH 8.5

DescriptionNVD

Improper input handling in a wireless-control administrative CLI command on TP-Link Archer NX200, NX210, NX500 and NX600 allows crafted input to be executed as part of an operating system command. An authenticated attacker with administrative privileges may execute arbitrary commands on the operating system, impacting the confidentiality, integrity, and availability of the device.

AnalysisAI

A command injection vulnerability exists in the wireless-control administrative CLI command of TP-Link Archer NX series routers (models NX200, NX210, NX500, and NX600) due to improper input handling that allows crafted input to be executed as part of operating system commands. An authenticated attacker with administrative privileges can exploit this vulnerability to execute arbitrary commands on the device, compromising confidentiality, integrity, and availability. Patches are available from the vendor for all affected models and versions.

Technical ContextAI

The vulnerability is a classic OS command injection flaw (CWE-78: Improper Neutralization of Special Elements used in an OS Command) in the administrative CLI interface of TP-Link's wireless-control management component. The affected products are TP-Link Archer NX series routers spanning multiple hardware revisions: Archer NX200 (versions 2.0, 2.20, 3.0), Archer NX210 (versions 2.0/2.20, 3.0), Archer NX500 (versions 1.0, 2.0), and Archer NX600 (versions 1.0, 2.0, 3.0), as documented in the CPE identifiers provided. The root cause stems from insufficient input validation in the wireless-control administrative command parsing logic, where user-supplied input is concatenated into system commands without proper escaping or sanitization, allowing attackers to inject arbitrary shell metacharacters and execute privileged commands with device-level access.

RemediationAI

Immediately download and apply the latest firmware patches from TP-Link's support website for your specific Archer NX model and current firmware version. Visit the model-specific firmware download pages (https://www.tp-link.com/en/support/download/archer-nx200/#Firmware for NX200, and similar URLs for NX210, NX500, and NX600) and upgrade to the latest available firmware release, which contains the command injection fix. If immediate patching is not possible, implement compensating controls by restricting administrative access to trusted network segments only, disabling remote management features where feasible, and ensuring strong authentication mechanisms (unique, complex administrative passwords) are enforced. Additionally, monitor administrative CLI command logs for suspicious activity or unusual command patterns. Once patched, verify the firmware version in the device's web interface to confirm successful application of the security update.