ByteOS Network

Archer MR200 v5.2

Source -

CNA

CNA CVEs -

ADP CVEs -

CISA CVEs -

NVD CVEs -

1Vulnerabilities found

CVE-2025-15551

Assigner-TP-Link Systems Inc.

View Details

Assigner-TP-Link Systems Inc.

CVSS Score-5.9||MEDIUM

EPSS-0.03% / 9.63%

7 Day CHG~0.00%

Published-05 Feb, 2026 | 17:22

Updated-12 Feb, 2026 | 16:24

LAN Code Execution on TP-Link Archer MR200, Archer C20, TL-WR850N and TL-WR845N

The response coming from TP-Link Archer MR200 v5.2, C20 v6, TL-WR850N v3, and TL-WR845N v4 for any request is getting executed by the JavaScript function like eval directly without any check. Attackers can exploit this vulnerability via a Man-in-the-Middle (MitM) attack to execute JavaScript code on the router's admin web portal without the user's permission or knowledge.

Vendor-TP Link Systems Inc.TP-Link Systems Inc.TP-Link Systems Inc.

Product-tl-wr850n tl-wr850n_firmware tl-wr845n_firmware archer_mr200_firmware archer_mr200 archer_c20_firmware archer_c20 tl-wr845n Archer C20 v6 TL-WR845N v4 TL-WR850N v3 Archer MR200 v5.2

CWE ID-CWE-95

Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')