QwikSec

Security Database

CVE

CWE

Training

CVE-2025-14756

Published: Jan 26, 2026

Modified: Feb 26, 2026

PUBLISHED

Description

Command injection vulnerability was found in the admin interface component of TP-Link Archer MR600 v5 firmware, allowing authenticated attackers to execute system commands with a limited character length via crafted input in the browser developer console, possibly leading to service disruption or full compromise.

Vendor	Product	Versions
TP-Link Systems Inc.	Archer MR600 v5.0	affected `0 - < 1.1.0 0.9.1 v0001.0 Build 250930 Rel.63611n`

Weaknesses (CWE)

References

https://www.tp-link.com/jp/support/download/archer-mr600/#Firmware

patch

https://www.tp-link.com/en/support/download/archer-mr600/#Firmware

patch

https://www.tp-link.com/us/support/faq/4916/

vendor-advisory

https://jvn.jp/en/vu/JVNVU94651499/

https://jvn.jp/vu/JVNVU94651499/

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.