TP-Link Archer MR600 Command Injection Vulnerability in WireGuard Client Configuration

A command injection vulnerability has been identified in the TP-Link Archer MR600 V5 router, specifically within the WireGuard client configuration. This issue arises from inadequate sanitization of user input in the web management interface. An authenticated attacker with administrative rights could exploit this vulnerability to execute arbitrary commands while applying configuration changes. Successful exploitation may lead to a complete compromise of the device's functionality and security.

Impact

Exploitation of this vulnerability could allow an authenticated attacker with administrative privileges to execute arbitrary commands on the device, potentially leading to a full compromise of the device's functionality and security.

Remediation

Users are advised to update their Archer MR600 V5 routers to the latest firmware version that addresses this vulnerability. The fixed firmware version is Archer MR600(EU)_V5_1.7.0 Build 260518 and Archer MR600(JP)_V5_1.2.0 Build 260519. Instructions for downloading the firmware are available on the TP-Link website.