Patch now: TP-Link Archer NX routers vulnerable to firmware takeover

TP-Link issued firmware updates for Archer NX series routers to address high-severity vulnerabilities including CVE-2025-15517 (authentication bypass allowing unauthenticated firmware upload) and CVE-2025-15605 (hardcoded cryptographic key enabling config decryption); multiple NX200/NX210/NX500/NX600 models and firmware versions are affected and users are urged to install fixes. The report also notes related TP-Link flaws added to CISA's KEV and mentions U.S. regulatory actions concerning the security of consumer routers.