CVE-2025-14756
HIGH WAF: High
CVSS 8.8
Published: 2026-01-26
CWE-77
Command injection vulnerability was found in the admin interface component of TP-Link Archer MR600 v5 firmware, allowing authenticated attackers to execute system commands with a limited character length via crafted input in the browser developer console, possibly leading to service disruption or full compromise.
WAF Coverage Analysis
Command Injection
High WAF Coverage
OWASP: A03:2021 Injection
932xxx - Remote Code Execution
Affected Software
| Vendor | Product | Version |
|---|---|---|
| tp-link | archer_mr600_firmware | up to 1.1.0 |
References
- jvn.jp (Third Party Advisory)
- jvn.jp (Third Party Advisory)
- www.tp-link.com (Product)
- www.tp-link.com (Product)
- www.tp-link.com (Vendor Advisory)