CYBERNEWSMEDIA Network:||
CYBERNEWSMEDIA
CYBERNEWSMEDIA

Cybersecurity News, Insights & Analysis

Latest
TrueConf Zero-Day Exploited in Asian Government Attacks
In Other News: ChatGPT Data Leak, Android Rootkit, Water Facility Hit by Ransomware
Critical ShareFile Flaws Lead to Unauthenticated RCE
Mobile Attack Surface Expands as Enterprises Lose Control
React2Shell Exploited in Large-Scale Credential Harvesting Campaign
AD · 970×250

Vulnerabilities

TP-Link Patches High-Severity Router Vulnerabilities

The security defects could be used to bypass authentication, execute arbitrary commands, and decrypt configuration files. The post TP-Link Patches High-Severity Router Vulnerabilities appeared first on SecurityWeek.

TP-Link vulnerabilities

TP-Link has released patches for four high-severity vulnerabilities in Archer NX router models that could be exploited to fully compromise devices.

The bugs, tracked as CVE-2025-15517, CVE-2025-15518, CVE-2025-15519, and CVE-2025-15605, were resolved in fresh firmware releases for the Archer NX200, NX210, NX500, and NX600 router models.

The first of the flaws, CVE-2025-15517, allows attackers to bypass authentication and perform actions such as firmware uploads or configuration operations, TP-Link notes in its advisory.

CVE-2026-15518 and CVE-2026-15519 are command injection bugs that require administrative privileges for successful exploitation, while CVE-2025-15605 exists because a hardcoded cryptographic key is used for configuration file encryption and decryption, allowing attackers to tamper with these files.

The fixes were rolled out one day before Cisco’s Talos researchers published details on 10 vulnerabilities affecting TP-Link’s Archer AX53 routers, including nine memory safety flaws and one misconfiguration issue that could lead to credentials leak.

Successful exploitation of these security defects could allow attackers to execute arbitrary code remotely on vulnerable devices or to leak credentials via a man‑in‑the‑middle (MITM) attack.

Talos reported the vulnerabilities to TP-Link in October, and the vendor rolled out fixes for its Archer AX53 v1.0 routers in early February.

Now, Talos has published technical details on all 10 bugs, as well as on 19 flaws in the Canva Affinity pixel and vector art manipulation tool, and one issue in Hikvision’s face recognition terminals.

Of the Affinity security defects, 18 could be exploited to leak sensitive information and one to execute arbitrary code using specially crafted EMF files.

The Hikvision vulnerability could be exploited remotely via specially crafted network packets to achieve arbitrary code execution.

Related: BIND Updates Patch High-Severity Vulnerabilities

Related: Cisco Patches Multiple Vulnerabilities in IOS Software

Related: iOS, macOS 26.4 Roll Out With Fresh Security Patches

Related: TP-Link Patches Vulnerability Exposing VIGI Cameras to Remote Hacking

Latest News

CYBERNEWSMEDIAPublisher