TP-Link warns users to patch critical router auth bypass flaw

TP-Link released patches for several serious vulnerabilities in its Archer NX200/210/500/600 routers—most notably CVE-2025-15517, an unauthenticated HTTP-server flaw that could permit firmware uploads—alongside fixes for a hardcoded crypto key (CVE-2025-15605) and admin-level command injections. The advisory urges immediate firmware updates and references historical exploitation of TP-Link flaws (including activity by the Quad7 botnet), CISA listings of exploited vulnerabilities, and related regulatory and legal developments.