CVE-2025-14756NVD

Vulnerability Summary

Command injection vulnerability was found in the admin interface component of TP-Link Archer MR600 v5 firmware, allowing authenticated attackers to execute system commands with a limited character length via crafted input in the browser developer console, possibly leading to service disruption or full compromise.

Severity Level

HIGH(8.5)

Published Date

Jan 26, 2026

Last Modified

Mar 9, 2026

Exploitation Status

????

EPSS Score (30-Day)

0.25%Probability

Root Weakness (CWE)

CWE-77: Unknown/Unlisted Weakness ↗

Refer to the official MITRE database for detailed architectural specifications regarding this weakness.

CVSS v4.0 Base Metrics

Attack VectorAdjacent

Attack ComplexityLow

Privileges RequiredHigh

User InteractionNone

External References

https://jvn.jp/en/vu/JVNVU94651499/
https://jvn.jp/vu/JVNVU94651499/
https://www.tp-link.com/en/support/download/archer-mr600/#Firmware
https://www.tp-link.com/jp/support/download/archer-mr600/#Firmware
https://www.tp-link.com/us/support/faq/4916/

Critical Alert 1 Active Exploit Detected Today

CVE Watchtower

CVE-2025-14756NVD

Vulnerability Summary

External References