A missing authentication check in TP-Link’s Archer NX series allows unprivileged attackers to upload firmware. The update lands as the company defends a Texas lawsuit alleging deceptive security claims.