TP-Link Archer Vulnerability Allows Full Router Control
A critical command injection vulnerability in the Archer MR600 v5 router has prompted the release of a security advisory. The flaw, tracked as CVE-2025-14756, enables authenticated attackers to...
A critical command injection vulnerability in the Archer MR600 v5 router has prompted the release of a security advisory.
The flaw, tracked as CVE-2025-14756, enables authenticated attackers to execute arbitrary system commands through the device’s admin interface, potentially leading to complete router compromise.
The vulnerability exists in the admin interface component of the Archer MR600 v5 firmware. Attackers with authentication credentials can inject system commands via crafted input submitted through the browser developer console.
Although the vulnerability imposes a limited character-length restriction on injected commands.
The flaw still allows attackers to execute malicious instructions that can disrupt services or gain complete control of the affected device.
| CVE ID | CVSS Score | Affected Product | Affected Versions |
|---|---|---|---|
| CVE-2025-14756 | 8.5 | Archer MR600 v5 | <1.1.0, 0.9.1, v0001.0 Build 250930 Rel.63611n |
The vulnerability has been assigned a CVSS v4.0 score of 8.5, indicating a high-severity risk.
The CVSS vector (CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA: N) indicates that the attack requires adjacent network access and high privilege levels.
But poses significant risks to the confidentiality, integrity, and availability of the router’s functions.
The vulnerability impacts explicitly the Archer MR600 v5 with firmware versions earlier than v0001.0 Build 250930 Rel.63611n (version 0.9.1 and below).
TP-Link has not released this product in the United States, limiting its exposure there. However, users in other markets with affected devices face potential security risks.
Mitigations
TP-Link strongly recommends users immediately download and install the latest firmware version to address this vulnerability.
The updated firmware patches the command injection flaw and restores security integrity.
Users can access firmware updates through TP-Link’s official support portal: English: Archer MR600 Firmware Download, Japanese: Archer MR600 Firmware Support Page.
This vulnerability highlights the importance of securing administrative interfaces on network devices.
Authenticated command injection flaws can serve as stepping stones for lateral movement within networks, especially in enterprise environments where routers act as critical infrastructure components.
Organizations managing TP-Link Archer devices should prioritize firmware updates and implement network segmentation to restrict administrative access.
Additionally, monitoring for suspicious command execution patterns on affected routers can help detect exploitation attempts before they cause damage.
TP-Link emphasizes that failure to apply the recommended security updates leaves systems vulnerable to exploitation.
The vendor cannot be held responsible for security incidents resulting from neglecting to implement these critical patches.
Disclaimer: HackersRadar reports on cybersecurity threats and incidents for informational and awareness purposes only. We do not engage in hacking activities, data exfiltration, or the hosting or distribution of stolen or leaked information. All content is based on publicly available sources.
No Comment! Be the first one.