Security Advisory

CVE-2025-15551

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-02-05 17:22:55

Last updated 2026-02-05 20:31:56

Assigner TPLink

State PUBLISHED

Description

The response coming from TP-Link Archer MR200 v5.2, C20 v6, TL-WR850N v3, and TL-WR845N v4 for any request is getting executed by the JavaScript function like eval directly without any check. Attackers can exploit this vulnerability via a Man-in-the-Middle (MitM) attack to execute JavaScript code on the routers admin web portal without the users permission or knowledge.

← Browse all CVEs View on cve.org ↗