CVE-2025-15551: LAN Code Execution on TP-Link Archer MR200, Archer C20, TL-WR850N and TL-WR845N

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2025-15551

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

LAN Code Execution on TP-Link Archer MR200, Archer C20, TL-WR850N and TL-WR845N

Source: NVD (National Vulnerability Database)

Vulnerability Description

The response coming from TP-Link Archer MR200 v5.2, C20 v5 and v6, TL-WR850N v3, and TL-WR845N v4 for any request is getting executed by the JavaScript function like eval directly without any check. Attackers can exploit this vulnerability via a Man-in-the-Middle (MitM) attack to execute JavaScript code on the router's admin web portal without the user's permission or knowledge.

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

动态执行代码中指令转义处理不恰当(Eval注入)

Source: NVD (National Vulnerability Database)

Vulnerability Title

TP-Link多款产品安全漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

TP-Link Archer MR200等都是中国普联（TP-Link）公司的一个WiFi路由器。 TP-Link多款产品存在安全漏洞，该漏洞源于响应未经检查直接由eval等JavaScript函数执行，攻击者可通过中间人攻击在路由器管理门户上执行JavaScript代码。以下产品及版本受到影响：Archer MR200 v5.2版本、C20 v6版本、TL-WR850N v3版本和TL-WR845N v4版本。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE
TP-Link Systems Inc.	Archer MR200 v5.2	0 ~ 1.2.0 Build 250917 Rel.51746	-
TP-Link Systems Inc.	Archer C20 v6	0 ~ 0.9.1 4.19 v0001.0 Build 250630 Rel.56583n	-
TP Link Systems Inc.	TL-WR850N v3	0 ~ 3.16.0 0.9.1 v6031.0 Build 251205 Rel.22089n	-
TP Link Systems Inc.	TL-WR845N v4	0 ~ 0.9.1 3.19 Build 251031 rel33710	-
TP-Link Systems Inc.	Archer C20 v5	0 ~ US_V5_260419	-

II. Public POCs for CVE-2025-15551

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2025-15551

Please Login to view more intelligence information

IV. Related Vulnerabilities

Same vendor: TP-Link Systems Inc.

Same weakness: CWE-95

V. Comments for CVE-2025-15551

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

I. Basic Information for CVE-2025-15551

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2025-15551

III. Intelligence Information for CVE-2025-15551

IV. Related Vulnerabilities

V. Comments for CVE-2025-15551

Leave a comment