A high-severity command injection vulnerability has been discovered in TP-Link’s Archer MR600 v5 router, enabling authenticated attackers to execute arbitrary system commands through the device’s admin interface.
The flaw, tracked as CVE-2025-14756, represents a significant security risk for enterprise and home users relying on this widely deployed network equipment.
Vulnerability Details
Security researchers identified the command injection vulnerability within the admin interface component of the Archer MR600 v5 firmware.
The vulnerability allows attackers with administrative credentials to inject malicious system commands via the browser developer console, bypassing standard interface protections.
Although the vulnerability requires authentication and operates under character length restrictions, successful exploitation can lead to complete device compromise and network control.
The vulnerability carries a CVSS v4.0 score of 8.5 (High severity), reflecting the substantial risk it poses to affected infrastructure.
The attack vector is adjacent (AV:A), requiring local network access, while the attack complexity remains low (AC:L), making exploitation straightforward for authenticated threat actors.
Affected Products and Timeline
TP-Link’s Archer MR600 routers running firmware versions prior to 1.1.0 (Build 250930 Rel.63611n) are vulnerable.
Affected firmware versions include v0.9.1 and v0001.0. TP-Link released the security advisory on January 26, 2026, providing users with critical patch information.
| Affected Model | CVE ID | Vulnerable Versions | CVSS Score | Severity |
|---|---|---|---|---|
| Archer MR600 v5 | CVE-2025-14756 | <1.1.0 (v0.9.1, v0001.0 Build 250930 Rel.63611n) | 8.5 | High |
TP-Link has released patched firmware addressing the vulnerability. Users should immediately download and deploy firmware version 1.1.0 or later from TP-Link’s official support portal.
The patch is available for English and Japanese regions; note that this product is not sold in US markets.
Recommended Actions:
- Verify current firmware version on your Archer MR600 device
- Download the latest firmware from TP-Link Support Portal
- Apply the security update immediately
- Change administrative credentials after patching
- Monitor network activity for suspicious admin interface access
This vulnerability underscores the critical importance of maintaining current firmware on network infrastructure.
Unpatched devices remain vulnerable to complete compromise, potentially exposing entire networks to lateral movement and data exfiltration.
