cbcvebase.
CVE-2025-6982
published 2025-07-16

CVE-2025-6982: Use of Hard-coded Credentials in TP-Link Archer C50 V3( <= 180703)/V4( <= 250117 )/V5( <= 200407 ), and C20 V5 (<US_V5_260419 or <EU_V5_260317) allows…

PriorityP428medium6.9CVSS 4.0
AVAACLATNPRLUINVCHVINVANSCNSINSANEXCRXIRXARXMAVXMACXMATXMPRXMUIXMVCXMVIXMVAXMSCXMSIXMSAXSXAUXRXVXREXUX
EPSS
0.25%
16.4th percentile
Use of Hard-coded Credentials in TP-Link Archer C50 V3( <= 180703)/V4( <= 250117 )/V5( <= 200407 ), and C20 V5 (<US_V5_260419 or <EU_V5_260317) allows attackers to decrypt the config.xml files.

Affected

5 ranges
VendorProductVersion rangeFixed in
tp-link_systems_incarcher_c20_v5< US_V5_260419US_V5_260419
tp-link_systems_incarcher_c20_v5< EU_V5_260317EU_V5_260317
tp-link_systems_incarcher_c50_v3<= 180703
tp-link_systems_incarcher_c50_v4<= 250117
tp-link_systems_incarcher_c50_v5<= 200407
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.