A critical security advisory has been released for a command injection vulnerability affecting the Archer MR600 v5 router.
The flaw, tracked as CVE-2025-14756, enables authenticated attackers to execute arbitrary system commands through the device’s admin interface, potentially leading to complete router compromise.
The vulnerability exists in the admin interface component of the Archer MR600 v5 firmware. Attackers with authentication credentials can inject system commands via crafted input submitted through the browser developer console.
Although the vulnerability imposes a limited character-length restriction on injected commands.
The flaw still allows attackers to execute malicious instructions that can disrupt services or gain complete control of the affected device.
| CVE ID | CVSS Score | Affected Product | Affected Versions |
|---|---|---|---|
| CVE-2025-14756 | 8.5 | Archer MR600 v5 | <1.1.0, 0.9.1, v0001.0 Build 250930 Rel.63611n |
The vulnerability has been assigned a CVSS v4.0 score of 8.5, indicating a high-severity risk.
The CVSS vector (CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA: N) indicates that the attack requires adjacent network access and high privilege levels.
But poses significant risks to the confidentiality, integrity, and availability of the router’s functions.
The vulnerability impacts explicitly the Archer MR600 v5 with firmware versions earlier than v0001.0 Build 250930 Rel.63611n (version 0.9.1 and below).
TP-Link has not released this product in the United States, limiting its exposure there. However, users in other markets with affected devices face potential security risks.
Mitigations
TP-Link strongly recommends users immediately download and install the latest firmware version to address this vulnerability.
The updated firmware patches the command injection flaw and restores security integrity.
Users can access firmware updates through TP-Link’s official support portal: English: Archer MR600 Firmware Download, Japanese: Archer MR600 Firmware Support Page.
This vulnerability highlights the importance of securing administrative interfaces on network devices.
Authenticated command injection flaws can serve as stepping stones for lateral movement within networks, especially in enterprise environments where routers act as critical infrastructure components.
Organizations managing TP-Link Archer devices should prioritize firmware updates and implement network segmentation to restrict administrative access.
Additionally, monitoring for suspicious command execution patterns on affected routers can help detect exploitation attempts before they cause damage.
TP-Link emphasizes that failure to apply the recommended security updates leaves systems vulnerable to exploitation.
The vendor cannot be held responsible for security incidents resulting from neglecting to implement these critical patches.
Follow us on Google News, LinkedIn, and X for daily cybersecurity updates. Contact us to feature your stories.
