CVE-2025-14756

Summary

Command injection vulnerability was found in the admin interface component of TP-Link Archer MR600 v5 firmware, allowing authenticated attackers to execute system commands with a limited character length via crafted input in the browser developer console, possibly leading to service disruption or full compromise.

Affected Software

VendorProductVersion RangeStatus
TP-Link Systems Inc.Archer MR600 v5.00 < 1.1.0 0.9.1 v0001.0 Build 250930 Rel.63611naffected

Weaknesses

  • CWE-77: CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References