CVE-2025-15605 HIGH

CVE-2025-15605: Hardcoded Cryptographic Key in Configuration Encryption Mechanism on TP-Link Archer NX200, NX210, NX500 and NX600

Vendor Tp-Link Systems Inc.
Product Archer NX600 v3.0
Weakness CWE-321
Published March 23, 2026
Last update March 24, 2026

CVSS base score

8.5/10
Attack vector Adjacent
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01Description

A hardcoded cryptographic key within the configuration mechanism on TP-Link Archer NX200, NX210, NX500 and NX600 enables decryption and re-encryption of device configuration data. An authenticated attacker may decrypt configuration files, modify them, and re-encrypt them, affecting the confidentiality and integrity of device configuration data.

Key dates

02Disclosure timeline

March 23, 2026 CVE published
March 24, 2026 Record updated