Details of VAR-202602-1986

ID

VAR-202602-1986

CVE

CVE-2025-15551

TITLE

TP-LINK Technologies of archer c20 Firmware and other multiple products Eval Injection vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2026-003895

DESCRIPTION

The response coming from TP-Link Archer MR200 v5.2, C20 v6, TL-WR850N v3, and TL-WR845N v4 for any request is getting executed by the JavaScript function like eval directly without any check. Attackers can exploit this vulnerability via a Man-in-the-Middle (MitM) attack to execute JavaScript code on the router's admin web portal without the user's permission or knowledge. JavaScript You can run the code.Some of the information handled by the software may be leaked to the outside. Also, some of the information handled by the software may be rewritten. Furthermore, some of the software may stop functioning. Furthermore, attacks that exploit this vulnerability will not affect other software

Trust: 1.62

sources: NVD: CVE-2025-15551 // JVNDB: JVNDB-2026-003895

AFFECTED PRODUCTS

vendor:	tp link	model:	tl-wr850n	scope:	lt	version:	0.9.1_build251205	Trust: 1.0
vendor:	tp link	model:	tl-wr845n	scope:	lt	version:	251031	Trust: 1.0
vendor:	tp link	model:	archer c20	scope:	lt	version:	250630	Trust: 1.0
vendor:	tp link	model:	archer mr200	scope:	lt	version:	250917	Trust: 1.0
vendor:	tp link	model:	tl-wr850n	scope:	-	version:	-	Trust: 0.8
vendor:	tp link	model:	archer mr200	scope:	-	version:	-	Trust: 0.8
vendor:	tp link	model:	tl-wr845n	scope:	-	version:	-	Trust: 0.8
vendor:	tp link	model:	archer c20	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2026-003895 // NVD: CVE-2025-15551

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2025-15551
value:	MEDIUM
Trust: 1.0
f23511db-6c3e-4e32-a477-6aa17d310630:	CVE-2025-15551
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2025-15551
value:	MEDIUM
Trust: 0.8

nvd@nist.gov:	CVE-2025-15551
baseSeverity:	MEDIUM
baseScore:	5.6
vectorString:	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	LOW
exploitabilityScore:	2.2
impactScore:	3.4
version:	3.1
Trust: 1.0
NVD:	CVE-2025-15551
baseSeverity:	MEDIUM
baseScore:	5.6
vectorString:	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	LOW
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2026-003895 // NVD: CVE-2025-15551 // NVD: CVE-2025-15551

PROBLEMTYPE DATA

problemtype:	CWE-95	Trust: 1.0
problemtype:	Eval injection (CWE-95) [ others ]	Trust: 0.8

sources: JVNDB: JVNDB-2026-003895 // NVD: CVE-2025-15551

PATCH

title:

Security Advisory on LAN Code Execution on Archer MR200, Archer C20, TL-WR850N, and TL-WR845N (CVE-2025-15551) | TP-Link

url:

https://www.tp-link.com/us/support/faq/4948/

Trust: 0.8

sources: JVNDB: JVNDB-2026-003895

EXTERNAL IDS

db:	NVD	id:	CVE-2025-15551	Trust: 2.6
db:	JVNDB	id:	JVNDB-2026-003895	Trust: 0.8

sources: JVNDB: JVNDB-2026-003895 // NVD: CVE-2025-15551

REFERENCES

url:	https://www.tp-link.com/en/support/download/archer-mr200/v5.20/#firmware	Trust: 1.8
url:	https://www.tp-link.com/in/support/download/archer-mr200/v5.20/#firmware	Trust: 1.8
url:	https://www.tp-link.com/en/support/download/tl-wr845n/#firmware	Trust: 1.8
url:	https://www.tp-link.com/in/support/download/archer-c20/v6/#firmware	Trust: 1.8
url:	https://www.tp-link.com/en/support/download/archer-c20/v6/#firmware	Trust: 1.8
url:	https://www.tp-link.com/in/support/download/tl-wr845n/#firmware	Trust: 1.8
url:	https://www.tp-link.com/in/support/download/tl-wr850n/#firmware	Trust: 1.8
url:	https://www.tp-link.com/us/support/faq/4948/	Trust: 1.0
url:	https://nvd.nist.gov/vuln/detail/cve-2025-15551	Trust: 0.8

sources: JVNDB: JVNDB-2026-003895 // NVD: CVE-2025-15551

SOURCES

db:	JVNDB	id:	JVNDB-2026-003895
db:	NVD	id:	CVE-2025-15551

LAST UPDATE DATE

2026-02-18T23:26:16.490000+00:00

SOURCES UPDATE DATE

db:	JVNDB	id:	JVNDB-2026-003895	date:	2026-02-17T07:26:00
db:	NVD	id:	CVE-2025-15551	date:	2026-02-12T16:24:44.087

SOURCES RELEASE DATE

db:	JVNDB	id:	JVNDB-2026-003895	date:	2026-02-17T00:00:00
db:	NVD	id:	CVE-2025-15551	date:	2026-02-05T18:16:09.593