
TP-Link Warns Users to Patch Critical Router Auth Bypass Flaw
Why It Matters
Unpatched routers expose millions of U.S. households to remote takeover, while regulatory actions threaten TP‑Link's market access and brand trust.
Key Takeaways
- Critical auth bypass in Archer NX routers (CVE‑2025‑15517)
- Hard‑coded key removed, stopping config decryption (CVE‑2025‑15605)
- Two command‑injection flaws fixed for admin‑level attacks
- CISA lists six TP‑Link flaws as actively exploited
- FCC bans foreign‑made consumer routers, impacting TP‑Link sales
Pulse Analysis
The newly disclosed CVE‑2025‑15517 vulnerability strikes the heart of TP‑Link's Archer NX line, allowing threat actors to bypass the HTTP authentication check and push malicious firmware without any credentials. By exploiting unguarded CGI endpoints, attackers could gain full control over routing functions, open ports, and even intercept traffic. The simultaneous remediation of a hard‑coded cryptographic key (CVE‑2025‑15605) and two command‑injection bugs (CVE‑2025‑15518, CVE‑2025‑15519) underscores the breadth of the security gaps that have plagued TP‑Link devices for years.
These patches arrive against a backdrop of escalating scrutiny. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has cataloged six TP‑Link flaws as actively exploited, a tally that includes older vulnerabilities like CVE‑2015‑3035. Legal pressure mounts after the Texas Attorney General sued TP‑Link for allegedly misrepresenting its products' security, while the FCC's recent decision to bar new foreign‑manufactured consumer routers signals a shift toward protecting national infrastructure from supply‑chain risks. Together, these developments highlight a growing regulatory appetite to hold manufacturers accountable for systemic security failures.
For consumers and enterprises, the immediate takeaway is clear: apply the latest firmware without delay. Delaying updates not only leaves devices vulnerable to remote hijacking but also exposes users to potential liability, as TP‑Link explicitly disclaims responsibility for unmitigated risks. Looking ahead, the industry may see tighter standards for IoT and networking equipment, with manufacturers needing to adopt secure‑by‑design practices and transparent vulnerability disclosure to retain market access in the United States.