CVE-2025-6982

Description

Use of Hard-coded Credentials in TP-Link Archer C50 V3( <= 180703)/V4( <= 250117 )/V5( <= 200407 ), and C20 V5 (<US_V5_260419 or <EU_V5_260317) allows attackers to decrypt the config.xml files.

CVSS breakdown

CVSS 4.0

Attack Vector

Adjacent

Attack Complexity

Low

Attack Requirements

None

Privileges Required

Low

User Interaction

None

Confidentiality (Vulnerable System)

High

Integrity (Vulnerable System)

None

Availability (Vulnerable System)

None

Confidentiality (Subsequent System)

None

Integrity (Subsequent System)

None

Availability (Subsequent System)

None

Affected products

TP-Link Systems Inc. / Archer C20 v50 – US_V5_260419
TP-Link Systems Inc. / Archer C20 v50 – EU_V5_260317
TP-Link Systems Inc. / Archer C50 V30 – 180703
TP-Link Systems Inc. / Archer C50 V40 – 250117
TP-Link Systems Inc. / Archer C50 V50 – 200407

References

MISChttps://www.tp-link.com/us/support/faq/4538/
MISChttps://www.tp-link.com/us/support/download/archer-c20/v5/#Firmware
MISChttps://www.tp-link.com/en/support/download/archer-c20/v5/#Firmware