Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-15551

The response coming from TP-Link Archer MR200 v5.2, C20 v6, TL-WR850N v3, and TL-WR845N v4 for any request is getting executed by the JavaScript function like eval directly without any check. Attackers can exploit this vulnerability via a Man-in-the-Middle (MitM) attack to execute JavaScript code on the router's admin web portal without the user's permission or knowledge.

Published

2026-02-05T18:16:09.593

Last Modified

2026-02-12T16:24:44.087

Status

Analyzed

Source

f23511db-6c3e-4e32-a477-6aa17d310630

Severity

CVSSv3.1: 5.6 (MEDIUM)

Weaknesses

Type: Secondary
CWE-95

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	tp-link	archer_mr200_firmware	< 250917	Yes
Hardware	tp-link	archer_mr200	5.20	No
Operating System	tp-link	archer_c20_firmware	< 250630	Yes
Hardware	tp-link	archer_c20	6	No
Operating System	tp-link	tl-wr850n_firmware	< 0.9.1_Build251205	Yes
Hardware	tp-link	tl-wr850n	3	No
Operating System	tp-link	tl-wr845n_firmware	< 251031	Yes
Hardware	tp-link	tl-wr845n	4	No

References

https://www.tp-link.com/en/support/download/archer-c20/v6/#Firmware Product (f23511db-6c3e-4e32-a477-6aa17d310630)
https://www.tp-link.com/en/support/download/archer-mr200/v5.20/#Firmware Product (f23511db-6c3e-4e32-a477-6aa17d310630)
https://www.tp-link.com/en/support/download/tl-wr845n/#Firmware Product (f23511db-6c3e-4e32-a477-6aa17d310630)
https://www.tp-link.com/in/support/download/archer-c20/v6/#Firmware Product (f23511db-6c3e-4e32-a477-6aa17d310630)
https://www.tp-link.com/in/support/download/archer-mr200/v5.20/#Firmware Product (f23511db-6c3e-4e32-a477-6aa17d310630)
https://www.tp-link.com/in/support/download/tl-wr845n/#Firmware Product (f23511db-6c3e-4e32-a477-6aa17d310630)
https://www.tp-link.com/in/support/download/tl-wr850n/#Firmware Product (f23511db-6c3e-4e32-a477-6aa17d310630)
https://www.tp-link.com/us/support/faq/4948/ Vendor Advisory (f23511db-6c3e-4e32-a477-6aa17d310630)