| ID | CVE-2025-15551 | ||||||
| Sažetak | The response coming from TP-Link Archer MR200 v5.2, C20 v6, TL-WR850N v3, and TL-WR845N v4 for any request is getting executed by the JavaScript function like eval directly without any check. Attackers can exploit this vulnerability via a Man-in-the-Middle (MitM) attack to execute JavaScript code on the router's admin web portal without the user's permission or knowledge. | ||||||
| Reference |
|
||||||
| CVSS |
|
||||||
| Pristup |
|
||||||
| Impact |
|
||||||
| CVSS vektor | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L | ||||||
| Zadnje važnije ažuriranje | 12-02-2026 - 16:24 | ||||||
| Objavljeno | 05-02-2026 - 18:16 |
