EUVD-2025-208939

Improper input handling in a wireless-control administrative CLI command on TP-Link Archer NX200, NX210, NX500 and NX600 allows crafted input to be executed as part of an operating system command. An authenticated attacker with administrative privileges may execute arbitrary commands on the...

CVE-2025-15605

This CVE affects TP-Link Archer NX200, NX210, NX500, and NX600 models. The root cause is a hardcoded cryptographic key in the configuration encryption mechanism, enabling an attacker (authenticated, adjacent access) to decrypt, modify, and re-encrypt device configuration data, compromising confid...

PT-2026-27163

Improper input handling in a wireless-control administrative CLI command on TP-Link Archer NX200, NX210, NX500 and NX600 allows crafted input to be executed as part of an operating system command. An authenticated attacker with administrative privileges may execute arbitrary commands on the...

CVE-2025-3542 H3C Magic NX15/Magic NX400/Magic R3010 HTTP POST Request getsyncpppoecfg FCGI_WizardProtoProcess command injection

A vulnerability, which was classified as critical, was found in H3C Magic NX15, Magic NX400 and Magic R3010 up to V100R014. This affects the function FCGIWizardProtoProcess of the file /api/wizard/getsyncpppoecfg of the component HTTP POST Request Handler. The manipulation leads to command...