Master Keys and Open Backdoors: TP-Link Issues Urgent Patch for Archer NX-Series Routers

**Executive Summary:** TP-Link has released critical firmware updates for Archer NX200, NX210, NX500, and NX600 routers to address several high-severity vulnerabilities — including an unauthenticated HTTP endpoint that permits privileged actions (CVE-2025-15517, CVSS 8.6), administrative command injection flaws requiring admin privileges (CVE-2026-15518 & CVE-2026-15519), and a hardcoded cryptographic key that can decrypt and re-encrypt device configuration (CVE-2025-15605) — and strongly urges affected users to download and apply the vendor patches immediately.