ByteOS Network

Archer C20 v5

Source -

CNA

CNA CVEs -

ADP CVEs -

CISA CVEs -

NVD CVEs -

1Vulnerabilities found

CVE-2025-15551

Assigner-TP-Link Systems Inc.

View Details

Assigner-TP-Link Systems Inc.

CVSS Score-5.9||MEDIUM

EPSS-0.04% / 13.50%

7 Day CHG~0.00%

Published-05 Feb, 2026 | 17:22

Updated-22 Apr, 2026 | 22:16

LAN Code Execution on TP-Link Archer MR200, Archer C20, TL-WR850N and TL-WR845N

The response coming from TP-Link Archer MR200 v5.2, C20 v5 and v6, TL-WR850N v3, and TL-WR845N v4 for any request is getting executed by the JavaScript function like eval directly without any check. Attackers can exploit this vulnerability via a Man-in-the-Middle (MitM) attack to execute JavaScript code on the router's admin web portal without the user's permission or knowledge.

Vendor-TP Link Systems Inc.TP-Link Systems Inc.TP-Link Systems Inc.

Product-tl-wr845n_firmware tl-wr850n tl-wr850n_firmware tl-wr845n archer_mr200 archer_mr200_firmware archer_c20 archer_c20_firmware Archer MR200 v5.2 Archer C20 v6 TL-WR850N v3 TL-WR845N v4 Archer C20 v5

CWE ID-CWE-95

Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')