The response coming from TP-Link Archer MR200 v5.2, C20 v6, TL-WR850N v3, and TL-WR845N v4 for any request is getting executed by the JavaScript function like eval directly without any check. Attackers can exploit this vulnerability via a Man-in-the-Middle (MitM) attack to execute JavaScript code on the router's admin web portal without the user's permission or knowledge.
Metrics
Affected Vendors & Products
References
History
Fri, 06 Feb 2026 12:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Tp-link
Tp-link archer C20 Tp-link archer Mr200 Tp-link tl-wr845n Tp-link tl-wr850n |
|
| Vendors & Products |
Tp-link
Tp-link archer C20 Tp-link archer Mr200 Tp-link tl-wr845n Tp-link tl-wr850n |
Thu, 05 Feb 2026 21:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Thu, 05 Feb 2026 17:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | The response coming from TP-Link Archer MR200 v5.2, C20 v6, TL-WR850N v3, and TL-WR845N v4 for any request is getting executed by the JavaScript function like eval directly without any check. Attackers can exploit this vulnerability via a Man-in-the-Middle (MitM) attack to execute JavaScript code on the router's admin web portal without the user's permission or knowledge. | |
| Title | LAN Code Execution on TP-Link Archer MR200, Archer C20, TL-WR850N and TL-WR845N | |
| Weaknesses | CWE-95 | |
| References |
|
|
| Metrics |
cvssV4_0
|
Status: PUBLISHED
Assigner: TPLink
Published:
Updated: 2026-02-05T20:31:56.005Z
Reserved: 2026-01-29T23:07:58.401Z
Link: CVE-2025-15551
Updated: 2026-02-05T20:29:34.635Z
Status : Awaiting Analysis
Published: 2026-02-05T18:16:09.593
Modified: 2026-02-05T20:47:37.777
Link: CVE-2025-15551
No data.