CVE-2025-14756

Vulnerability Description

Command injection vulnerability was found in the admin interface component of TP-Link Archer MR600 v5 firmware, allowing authenticated attackers to execute system commands with a limited character length via crafted input in the browser developer console, possibly leading to service disruption or full compromise.

Vulnerability Details

Published Date

January 26, 2026

Last Modified

January 27, 2026

CWE ID

CWE-77

Source

NVD

Vendor

TP-Link Systems Inc.

Product

Archer MR600 v5.0

External References

https://www.tp-link.com/en/support/download/archer-mr600/#Firmware
https://www.tp-link.com/jp/support/download/archer-mr600/#Firmware
https://www.tp-link.com/us/support/faq/4916/

CVE-2025-14756

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment