Affected Vendors This Week
- Cisco — 13 CVEs (11 High, 2 Medium)
- TP-Link — 5 CVEs (5 High)
- ASUS — 1 CVE (1 High)
This week brought a significant security update with 19 new router CVEs, dominated by Cisco vulnerabilities spanning core routing, wireless, and VPN features. TP-Link users also face multiple high-severity issues requiring immediate attention.
Cisco: 13 CVEs Across Core Infrastructure
Cisco's large CVE footprint this week reflects vulnerabilities across multiple attack surfaces. Three critical issues share a CVSS score of 8.6 and demand urgent patching:
- CVE-2026-20084 affects DHCP snooping in IOS XE, allowing unauthenticated remote attackers to forward BOOTP packets between VLANs—a denial-of-service risk in segmented networks.
- CVE-2026-20086 targets CAPWAP packet processing in the Catalyst CW9800 Wireless Controller, enabling unauthenticated remote denial of service.
- CVE-2026-20012 impacts IKEv2 across IOS, IOS XE, ASA, and FTD platforms, affecting VPN security for multiple device classes.
Additional high-severity issues include CVE-2026-20125 (HTTP server crash, CVSS 7.7) and CVE-2026-20004 (memory exhaustion via TLS, CVSS 7.4, adjacent network access required). Medium-severity flaws in CLI, SCP, and Meraki features round out Cisco's list.
Action: Prioritize IOS XE updates immediately. Consult Cisco's security advisories for patch availability and workarounds by platform version.
TP-Link: Five High-Severity Issues in Archer Series
TP-Link's Archer NX200, NX210, NX500, and NX600 models carry four interrelated high-severity vulnerabilities:
- CVE-2025-15517 (CVSS 8.1) — Missing authentication on HTTP CGI endpoints allows unauthenticated attackers to access privileged functions.
- CVE-2025-15605 (CVSS 7.3) — Hardcoded cryptographic keys in the configuration mechanism enable attackers to decrypt and re-encrypt device settings.
- CVE-2025-15518 and CVE-2025-15519 (CVSS 7.2) — Improper input handling in wireless and modem management CLI commands allow command injection.
A separate denial-of-service flaw, CVE-2025-15606 (CVSS 7.5), affects TP-Link TD-W8961N v4.0 via unvalidated httpd requests.
Action: Check TP-Link's support portal for firmware patches targeting these models. The authentication bypass and hardcoded keys are especially critical—upgrade immediately if running affected versions.
ASUS: Cross-Site Request Forgery in Web Interface
CVE-2025-15101 (CVSS 8.8) is the week's highest-scored vulnerability. This CSRF flaw in ASUS router web management could allow attackers to perform unauthorized administrative actions through malicious links or sites. While specific models weren't enumerated in this summary, ASUS users should check affected device lists and apply patches promptly.
Action: Visit ASUS support to identify your model's vulnerability status and available firmware updates.
Summary
This is a heavy week for router security. Cisco environments need immediate attention to IOS/IOS XE systems, TP-Link Archer users should prioritize firmware updates, and ASUS administrators should verify patch status. All three vendors have published or are preparing security advisories—check your vendor's portal this week.