CVE-2025-14756

EUVD-2025-206350
Command injection vulnerability was found in the admin interface component of TP-Link Archer MR600 v5 firmware, allowing authenticated attackers to execute system commands with a limited character length via crafted input in the browser developer console, possibly leading to service disruption or full compromise.
Command Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.8 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Affected Products (NVD)
VendorProductVersion
tp-linkarcher_mr600_firmware
𝑥
< 1.1.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://jvn.jp/en/vu/JVNVU94651499/
https://jvn.jp/vu/JVNVU94651499/
https://www.tp-link.com/en/support/download/archer-mr600/#Firmware
https://www.tp-link.com/jp/support/download/archer-mr600/#Firmware
https://www.tp-link.com/us/support/faq/4916/