CVE-2025-6982
published 2025-07-16CVE-2025-6982: Use of Hard-coded Credentials in TP-Link Archer C50 V3( <= 180703)/V4( <= 250117 )/V5( <= 200407 ), and C20 V5 (<US_V5_260419 or <EU_V5_260317) allows…
PriorityP428medium6.9CVSS 4.0
AVAACLATNPRLUINVCHVINVANSCNSINSANEXCRXIRXARXMAVXMACXMATXMPRXMUIXMVCXMVIXMVAXMSCXMSIXMSAXSXAUXRXVXREXUX
EPSS
0.25%
16.4th percentile
Use of Hard-coded Credentials in TP-Link Archer C50 V3(
<=
180703)/V4(
<=
250117
)/V5(
<=
200407
), and C20 V5 (<US_V5_260419 or <EU_V5_260317) allows attackers to decrypt the config.xml files.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| tp-link_systems_inc | archer_c20_v5 | < US_V5_260419 | US_V5_260419 |
| tp-link_systems_inc | archer_c20_v5 | < EU_V5_260317 | EU_V5_260317 |
| tp-link_systems_inc | archer_c50_v3 | <= 180703 | — |
| tp-link_systems_inc | archer_c50_v4 | <= 250117 | — |
| tp-link_systems_inc | archer_c50_v5 | <= 200407 | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2025-07-16
Published