Click to skip the navigation bar
Search Online store
Search Online store Menu

Security Advisory on LAN Code Execution on Archer MR200, Archer C20, TL-WR850N, and TL-WR845N (CVE-2025-15551)

Security Advisory
Updated 02-05-2026 17:30:51 PM Number of views for this article83

Vulnerability Description:

The response coming from the router for any request is getting executed by the JavaScript function like eval directly without any check.

Impact:

Attackers can exploit this vulnerability via a Man-in-the-Middle (MitM) attack to execute JavaScript code on the router's admin web portal without the user's permission or knowledge.

CVSS v4.0 Score: 5.9 / Medium

CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:P/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N

Affected Products/Versions and Fixes:

Affected Product Model

Affected Version

Fixed Version

Archer MR200 v5.20

<= 1.1.0 Build 240723 Rel. 52455n

1.2.0 Build 250917 Rel.51746

Archer C20 v6

<= 0.9.1 4.19 v0001.0 Build 241231 Rel.53022n

0.9.1 4.19 v0001.0 Build 250630 Rel.56583n

TL-WR850N v3

<= 3.16.0 0.9.1 Build 230227

3.16.0 0.9.1 v6031.0 Build 251205 Rel.22089n

TL-WR845N v4

<= 0.9.1 3.19 Build 250401 rel57442

0.9.1 3.19 Build 251031 rel33710

Recommendation(s):

We strongly recommended that users with the affected device(s) take the following action(s):

  1. Download and update to the latest firmware to fix the vulnerabilities.
  2. Change the password after the firmware upgrade to mitigate the potential risk of password leakage.

The latest firmware of related models and download links are below:

EN: Download for Archer MR200 | TP-Link

Download for Archer C20 | TP-Link

Download for TL-WR845N | TP-Link

IN: Download for Archer MR200 | TP-Link India

Download for Archer C20 | TP-Link India

Download for TL-WR845N | TP-Link India

Download for TL-WR850N | TP-Link India

These models are not sold in the US.

Disclaimer:

If you do not take the recommended action(s) stated above, this vulnerability concern will remain. TP-Link cannot bear any responsibility for the consequences that could have been avoided by following the recommended action(s) in this advisory.

Looking for More

Is this faq useful?

Your feedback helps improve this site.

Community

TP-Link Community

Still need help? Search for answers, ask questions, and get help from TP-Link experts and other users around the world.

Visit the Community >

This website uses cookies to improve website navigation, analyze online activities and have the best possible user experience on our website. You can object to the use of cookies at any time. You can find more information in our privacy policy .

Your Privacy Choices

This website uses cookies to improve website navigation, analyze online activities and have the best possible user experience on our website. You can object to the use of cookies at any time. You can find more information in our privacy policy .

These cookies are necessary for the website to function and cannot be deactivated in your systems.

Analysis cookies enable us to analyze your activities on our website in order to improve and adapt the functionality of our website.

The marketing cookies can be set through our website by our advertising partners in order to create a profile of your interests and to show you relevant advertisements on other websites.