Critical Vulnerability in TP-Link Archer MR600 v5 Routers: Immediate Action Required
A significant security flaw has been identified in TP-Link’s Archer MR600 v5 routers, potentially allowing attackers to gain complete control over the device. This vulnerability, designated as CVE-2025-14756, is a command injection issue present in the router’s administrative interface. Authenticated users can exploit this flaw to execute arbitrary system commands, leading to a full compromise of the router’s functionality.
Technical Details:
The vulnerability resides within the admin interface component of the Archer MR600 v5 firmware. Attackers with valid authentication credentials can inject system commands through specially crafted inputs submitted via the browser’s developer console. Despite a character-length restriction on the injected commands, the flaw still permits the execution of malicious instructions that can disrupt services or grant attackers full control over the affected device.
Affected Versions:
– Product: Archer MR600 v5
– Firmware Versions: earlier than v0001.0 Build 250930 Rel.63611n (version 0.9.1 and below)
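One way to check a device inventory against the affected range above, as an added example (not TP-Link's code or part of the original article). It assumes firmware strings follow the `Build <date> Rel.<number>` pattern of the fixed version quoted above and that ordering by build date, then Rel number, reflects release order; the inventory rows and the `classify`/`audit` helpers are constructed for illustration.

```python
import re

# Fixed build as quoted in the advisory text above.
FIXED_FIRMWARE = "v0001.0 Build 250930 Rel.63611n"

# Assumption: firmware strings carry "Build <YYMMDD or YYYYMMDD> Rel.<digits>".
_BUILD_RE = re.compile(r"Build\s+(\d{8}|\d{6})\s+Rel\.(\d+)", re.IGNORECASE)


def build_key(firmware):
    """Return (build_date, rel) as ints, or None if the string does not parse."""
    m = _BUILD_RE.search(firmware or "")
    if not m:
        return None
    date, rel = m.groups()
    if len(date) == 6:  # YYMMDD -> YYYYMMDD (assumes a 20xx build year)
        date = "20" + date
    return int(date), int(rel)


def classify(model, hw_version, firmware):
    """Classify one inventory record against the advisory's affected range."""
    if (model.strip().lower(), hw_version.strip().lower()) != ("archer mr600", "v5"):
        return "not-in-scope"
    key = build_key(firmware)
    if key is None:
        return "review"  # fail closed: unknown format needs a manual check
    return "affected" if key < build_key(FIXED_FIRMWARE) else "patched"


# Constructed sample inventory (hostnames and older/newer builds are made up).
INVENTORY = [
    ("branch-01", "Archer MR600", "v5", "v0001.0 Build 250312 Rel.41022n"),
    ("branch-02", "Archer MR600", "v5", "v0001.0 Build 250930 Rel.63611n"),
    ("branch-03", "Archer MR600", "v5", "v0001.0 Build 20251120 Rel.10234n"),
    ("branch-04", "Archer MR600", "v4", "v0001.0 Build 240101 Rel.11111n"),
    ("branch-05", "Archer MR600", "v5", "unknown"),
]


def audit(inventory):
    """Map each host to its status so affected devices can be queued for update."""
    return {host: classify(model, hw, fw) for host, model, hw, fw in inventory}


if __name__ == "__main__":
    for host, status in audit(INVENTORY).items():
        print(f"{host:10} {status}")
```

Records that land in `review` should be checked by hand on the device's firmware page rather than assumed safe.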
Severity Assessment:
The vulnerability has been assigned a CVSS v4.0 score of 8.5, indicating a high-severity risk. The CVSS vector (CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N) indicates that the attack requires adjacent network access (AV:A) and high privileges (PR:H), with low attack complexity and no user interaction. Once those conditions are met, the impact on the confidentiality, integrity, and availability of the router itself is rated high (VC:H/VI:H/VA:H).
Geographical Impact:
Notably, TP-Link has not released the Archer MR600 v5 product in the United States, which limits its exposure in that region. However, users in other markets with affected devices face potential security risks and should take immediate action.
Mitigation Measures:
TP-Link strongly recommends that users immediately download and install the latest firmware version to address this vulnerability. The updated firmware patches the command injection flaw and restores the device’s security integrity. Users can access firmware updates through TP-Link’s official support portal:
– English: [Archer MR600 Firmware Download](https://www.tp-link.com/en/support/download/archer-mr600/)
– Japanese: [Archer MR600 Firmware Support Page](https://www.tp-link.com/jp/support/download/archer-mr600/)
Broader Implications:
This vulnerability underscores the critical importance of securing administrative interfaces on network devices. Authenticated command injection flaws can serve as entry points for lateral movement within networks, especially in enterprise environments where routers act as critical infrastructure components. Organizations managing TP-Link Archer devices should prioritize firmware updates and implement network segmentation to restrict administrative access. Additionally, monitoring for suspicious command execution patterns on affected routers can help detect exploitation attempts before they cause significant damage.
Vendor Advisory:
TP-Link emphasizes that failure to apply the recommended security updates leaves systems vulnerable to exploitation. The vendor cannot be held responsible for security incidents resulting from neglecting to implement these critical patches.
Conclusion:
The discovery of CVE-2025-14756 in TP-Link’s Archer MR600 v5 routers highlights the ongoing challenges in securing network devices against sophisticated attacks. Users are urged to take immediate action by updating their firmware to the latest version and implementing additional security measures to protect their networks. Staying vigilant and proactive in applying security updates is essential in safeguarding against potential threats.