CVE-2025-15551
Published: Feb 5, 2026
Modified: Apr 22, 2026
Description
The response coming from TP-Link Archer MR200 v5.2, C20 v5 and v6, TL-WR850N v3, and TL-WR845N v4 for any request is getting executed by the JavaScript function like eval directly without any check. Attackers can exploit this vulnerability via a Man-in-the-Middle (MitM) attack to execute JavaScript code on the router's admin web portal without the user's permission or knowledge.
| Vendor | Product | Versions |
|---|---|---|
TP-Link Systems Inc. | Archer MR200 v5.2 | affected 0 - < 1.2.0 Build 250917 Rel.51746 |
TP-Link Systems Inc. | Archer C20 v6 | affected 0 - < 0.9.1 4.19 v0001.0 Build 250630 Rel.56583n |
TP Link Systems Inc. | TL-WR850N v3 | affected 0 - < 3.16.0 0.9.1 v6031.0 Build 251205 Rel.22089n |
TP Link Systems Inc. | TL-WR845N v4 | affected 0 - < 0.9.1 3.19 Build 251031 rel33710 |
TP-Link Systems Inc. | Archer C20 v5 | affected 0 - < US_V5_260419affected 0 - < EU_V5_260317 |
Weaknesses (CWE)
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now