Andere informatie en diensten van de overheid: www.belgium.be Centre for Cybersecurity Belgium
search

Warning: Command Injection Vulnerability in the TP-Link Archer router could be exploited leading to Service Disruption or Full Compromise, Patch Immediately!

Image
Decorative image
Gepubliceerd : 29/01/2026
  • Last update: 29/01/2026
  • Affected software:
    → TP-Link Archer MR600 v5 <1.1.0 0.9.1 v0001.0 Build 250930 Rel.63611n
  • Type: Command Injection
  • CVE/CVSS
    → CVE-2025-14756: CVSS 8.5 (CVSS:4.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)

Sources

Source - https://www.tp-link.com/us/support/faq/4916/

Risks

The command injection vulnerability, CVE-2025-14756, affecting TP-Link Archer MR600 could allow an authenticated attacker to execute arbitrary system commands through the admin interface, leading to service disruption or complete device compromise.
Successful exploitation of this vulnerability could cause a high impact in all three aspects of the CIA triad (Confidentiality, Integrity, Availability).

Description

CVE-2025-14756 is a command injection vulnerability that has been discovered in TP-Link’s Archer MR600 v5 router and this vulnerability arises due to improper input validation. TP-Link’s Archer MR600 router running firmware versions prior to 1.1.0 (Build 250930 Rel.63611n) are vulnerable.
Exploitation of this vulnerability could allow an authenticated attacker with high privileges to inject and execute arbitrary commands with a limited character length via crafted input in the browser developer console, possibly leading complete device compromise and network control.

Recommended Actions

Patch
The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority after thorough testing.

Monitor/Detect
The CCB recommends organizations upscale monitoring and detection capabilities to identify any related suspicious activity and ensure a swift response in case of an intrusion.

In case of an intrusion, you can report an incident via https://ccb.belgium.be/en/cert/report-incident.

While patching appliances or software to the newest version may protect against future exploitation, it does not remediate historic compromise.

References

Source - https://radar.offseq.com/threat/cve-2025-14756-cwe-77-improper-neutralization-of-s-4556bd0c