TP-Link Fixes Critical Security Flaws in Routers
Recent Vulnerabilities in Routers and Software
There have been several recent discoveries of high-severity vulnerabilities in various devices and software.
TP-Link Router Vulnerabilities
TP-Link has released patches for four high-severity vulnerabilities in its Archer NX series of routers, including CVE-2025-15517, CVE-2025-15518, CVE-2025-15519, and CVE-2025-15605.
- CVE-2025-15517 allows attackers to bypass authentication and execute unauthorized actions with minimal user privileges.
- CVE-2025-15518 and CVE-2025-15519 are command injection bugs that require administrative permissions to be effective.
- CVE-2025-15605 arises due to the use of a hardcoded cryptographic key for encrypting and decrypting configuration files.
According to Cisco’s Talos research group, TP-Link’s Archer AX53 routers contain 10 vulnerabilities, including nine memory safety issues and one misconfiguration problem resulting in credential leakage.
Talos discovered these vulnerabilities after reporting them to TP-Link in October 2025, who then released updates for their Archer AX53 v1.0 routers in early February.
Other Vulnerabilities
Talos also found 19 issues in Canva’s Affinity pixel and vector graphics tool and one issue in Hikvision’s facial recognition terminals.
- The 19 Affinity vulnerabilities include 18 that allow disclosure of sensitive information and one that permits execution of arbitrary code through specially crafted EMF files.
- The Hikvision vulnerability allows for remote code execution via specially crafted network packets.
About Author
English