CVE-2025-14756
Authenticated Command Injection Vulnerability in Archer MR600
CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th
Command injection vulnerability was found in the admin interface component of TP-Link Archer MR600 v5 firmware, allowing authenticated attackers to execute system commands with a limited character length via crafted input in the browser developer console, possibly leading to service disruption or full compromise.
| CWE | CWE-77 |
| Vendor | tp-link systems inc. |
| Product | archer mr600 v5.0 |
| Published | Jan 26, 2026 |
| Last Updated | Feb 26, 2026 |
Stay Ahead of the Next One
Get instant alerts for tp-link systems inc. archer mr600 v5.0
Be the first to know when new unknown vulnerabilities affecting tp-link systems inc. archer mr600 v5.0 are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
Affected Versions
TP-Link Systems Inc. / Archer MR600 v5.0
0 < 1.1.0 0.9.1 v0001.0 Build 250930 Rel.63611n
References
tp-link.com: https://www.tp-link.com/jp/support/download/archer-mr600/#Firmware tp-link.com: https://www.tp-link.com/en/support/download/archer-mr600/#Firmware tp-link.com: https://www.tp-link.com/us/support/faq/4916/ jvn.jp: https://jvn.jp/en/vu/JVNVU94651499/ jvn.jp: https://jvn.jp/vu/JVNVU94651499/
Credits
Chuya Hayakawa of 00One, Inc.