TP-Link Archer Series Missing Authentication Vulnerability in HTTP Server Endpoints Allowing Privileged Access

Vulnerability

A missing authentication check in the HTTP server on TP-Link Archer NX200, NX210, NX500, and NX600 routers in certain firmware versions allows unauthenticated access to CGI endpoints intended for authenticated users. This vulnerability enables attackers to perform privileged HTTP actions without authentication, such as uploading firmware and modifying configuration settings.

Impact

Exploitation of this vulnerability allows for unauthorized access to privileged HTTP actions, including firmware uploads and configuration changes, potentially leading to unauthorized modifications of the device's functionality or settings.

Remediation

Users are advised to update to the latest firmware version. Firmware updates can be downloaded from the TP-Link support pages for each affected model.

Added: Mar 23, 2026, 6:25 PM
Updated: Mar 23, 2026, 6:25 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 7.5
exploitability: 7.4
remediation: 0.0
relevance: 4.6
threat: 0.0
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.