Primary

Context

TP-Link Archer MR600 Command Injection Vulnerability in Admin Interface

Vulnerability

A command injection vulnerability has been identified in the admin interface of TP-Link Archer MR600 v5 routers, running firmware prior to version 1.1.0 0.9.1 v0001.0 Build 250930 Rel.63611n. This vulnerability allows authenticated attackers to execute arbitrary system commands by injecting crafted input through the browser's developer console. The exploitation of this vulnerability could disrupt services or lead to a complete compromise of the device.

Impact

Exploitation of this vulnerability allows authenticated attackers to execute arbitrary operating system commands on the affected device, potentially leading to a full compromise of the router.

Remediation

Users are advised to update the firmware to the latest version. The latest firmware for the Archer MR600 v5 can be downloaded from the TP-Link official website, ensuring to select the correct regional site to avoid warranty issues.

Added: Jan 26, 2026, 7:21 PM

Updated: Jan 27, 2026, 2:19 AM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

3.0

remediation

0.0

relevance

2.4

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

3.0

remediation

0.0

relevance

2.4

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

TP-Link Archer MR600 Command Injection Vulnerability in Admin Interface

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating