Home

Description

The response coming from TP-Link Archer MR200 v5.2, C20 v6, TL-WR850N v3, and TL-WR845N v4 for any request is getting executed by the JavaScript function like eval directly without any check. Attackers can exploit this vulnerability via a Man-in-the-Middle (MitM) attack to execute JavaScript code on the router's admin web portal without the user's permission or knowledge.

PUBLISHED Reserved 2026-01-29 | Published 2026-02-05 | Updated 2026-02-05 | Assigner TPLink




MEDIUM: 5.9CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:P/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N

Problem types

CWE-95 Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')

Product status

Default status
unaffected

Any version before 1.2.0 Build 250917 Rel.51746
affected

Default status
unaffected

Any version before 0.9.1 4.19 v0001.0 Build 250630 Rel.56583n
affected

Default status
unaffected

Any version before 3.16.0 0.9.1 v6031.0 Build 251205 Rel.22089n
affected

Default status
unaffected

Any version before 0.9.1 3.19 Build 251031 rel33710
affected

Credits

Swaroop Dora, Deven Lunkad, Ashutosh Kumar, and S. Venkatesan from IoT Security Research Lab, Indian Institute of Information Technology, Allahabad finder

References

www.tp-link.com/en/support/download/archer-mr200/v5.20/ patch

www.tp-link.com/en/support/download/archer-c20/v6/ patch

www.tp-link.com/in/support/download/tl-wr850n/ patch

www.tp-link.com/en/support/download/tl-wr845n/ patch

www.tp-link.com/in/support/download/archer-mr200/v5.20/ patch

www.tp-link.com/in/support/download/archer-c20/v6/ patch

www.tp-link.com/in/support/download/tl-wr845n/ patch

www.tp-link.com/us/support/faq/4948/ vendor-advisory

cve.org (CVE-2025-15551)

nvd.nist.gov (CVE-2025-15551)

Download JSON