TP-Link: TP-Link Archer Vulnerability Allows Attackers to Seize Control of Routers

Critical Command Injection Flaw Discovered in TP-Link Archer MR600 Router

A high-severity security vulnerability has been identified in the TP-Link Archer MR600 v5, a widely used 4G+ Cat6 wireless router. Tracked as CVE-2025-14756, the flaw is a command injection issue in the device’s administrative interface, allowing authenticated attackers to execute arbitrary system commands.

The vulnerability stems from inadequate input sanitization in the router’s firmware, enabling threat actors to inject malicious commands via the browser developer console. While exploitation requires administrative access (obtained through credential theft, phishing, or default password misuse), the impact is severe. Successful attacks could lead to service disruption (e.g., blocking internet access) or full system compromise, granting attackers control over network traffic, connected devices, or persistent malware installation.

With a CVSS v4.0 score of 8.5 (High), the flaw poses significant risks to confidentiality, integrity, and availability. The attack vector is classified as adjacent, meaning it requires local network access, but the potential damage is substantial.

The vulnerability affects Archer MR600 v5 routers running firmware versions prior to 1.1.0 0.9.1 v0001.0 Build 250930. TP-Link has released a patch to address the issue, implementing stricter input validation. The affected model is not sold in the U.S. but is deployed in regions including Europe and Japan.

Users are urged to update their firmware immediately, as unpatched devices remain vulnerable to attackers with administrative access. TP-Link provides the fix on its global and regional support pages, with administrators advised to back up configurations before applying the update.
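To act on the affected-version statement above, the following added example (not code from TP-Link or the source article) triages a device inventory against the fixed build. The firmware string layout, the `Rel.` suffix, the hostnames and the inventory rows are constructed assumptions, and the comparison rule is deliberately conservative.

```python
import re
from typing import NamedTuple, Optional

# Fixed release as quoted in the advisory text above.
FIXED = "1.1.0 0.9.1 v0001.0 Build 250930"

# Assumed layout: "<release> <x.y.z> v<rev> Build <6-digit stamp> [Rel.<n>]"
_FW_RE = re.compile(
    r"^\s*(\d+(?:\.\d+)*)\s+\d+(?:\.\d+)*\s+v[\d.]+\s+Build\s+(\d{6})\b", re.I)

class Firmware(NamedTuple):
    release: tuple  # leading dotted version, e.g. (1, 1, 0)
    build: int      # build stamp as an integer, e.g. 250930

def parse_firmware(text: str) -> Optional[Firmware]:
    m = _FW_RE.match(text or "")
    if not m:
        return None
    return Firmware(tuple(int(p) for p in m.group(1).split(".")), int(m.group(2)))

def classify(model: str, hw: str, fw: str) -> str:
    """Return 'out_of_scope', 'unparsed', 'update' or 'ok' for one device."""
    in_scope = (model.strip().lower() == "archer mr600"
                and hw.strip().lower().lstrip("v").split(".")[0] == "5")
    if not in_scope:
        return "out_of_scope"  # the advisory covers Archer MR600 v5 only
    seen, fixed = parse_firmware(fw), parse_firmware(FIXED)
    if seen is None:
        return "unparsed"      # do not guess; check the device by hand
    # Conservative rule (assumption): release AND build stamp must both
    # be at least the fixed values, otherwise the device is flagged.
    patched = seen.release >= fixed.release and seen.build >= fixed.build
    return "ok" if patched else "update"

# Constructed inventory rows: (hostname, model, hardware version, firmware)
INVENTORY = [
    ("gw-branch-01", "Archer MR600", "v5", "1.1.0 0.9.1 v0001.0 Build 250930 Rel.51234n"),
    ("gw-branch-02", "Archer MR600", "v5", "1.0.0 0.9.1 v0001.0 Build 240712 Rel.40311n"),
    ("gw-branch-03", "Archer MR600", "v5", "unknown"),
    ("gw-lab-01", "Archer MR600", "v3", "1.3.0 0.9.1 v0001.0 Build 230101"),
]

def triage(rows):
    return {host: classify(model, hw, fw) for host, model, hw, fw in rows}

if __name__ == "__main__":
    for host, status in triage(INVENTORY).items():
        print(f"{host:14} {status}")
```

Devices reported as `unparsed` should be checked on the router's own firmware page rather than assumed patched.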

Source: https://cyberpress.org/tp-link-archer-router-vulnerability-remote-takeover/

TP-Link cybersecurity rating report: https://www.rankiteo.com/company/tp-link-corporation

"id": "TP-1769604409",
"linkid": "tp-link-corporation",
"type": "Vulnerability",
"date": "1/2025",
"severity": "85",
"impact": "5",
"explanation": "Attack threatening the organization's existence"
{'affected_entities': [{'industry': 'Technology/Hardware',
                        'location': ['Europe', 'Japan'],
                        'name': 'TP-Link Archer MR600 v5',
                        'type': 'Wireless Router'}],
 'attack_vector': 'Adjacent (Local Network Access)',
 'customer_advisories': 'Users are urged to update their firmware immediately '
                        'to mitigate the vulnerability.',
 'description': 'A high-severity security vulnerability (CVE-2025-14756) has '
                'been identified in the TP-Link Archer MR600 v5, a widely used '
                '4G+ Cat6 wireless router. The flaw is a command injection '
                'issue in the device’s administrative interface, allowing '
                'authenticated attackers to execute arbitrary system commands '
                'due to inadequate input sanitization in the firmware. '
                'Exploitation requires administrative access but could lead to '
                'service disruption or full system compromise.',
 'impact': {'downtime': 'Service disruption (e.g., blocking internet access)',
            'operational_impact': 'Full system compromise, control over '
                                  'network traffic, connected devices, or '
                                  'persistent malware installation',
            'systems_affected': 'TP-Link Archer MR600 v5 routers (firmware '
                                'versions prior to 1.1.0 0.9.1 v0001.0 Build '
                                '250930)'},
 'post_incident_analysis': {'corrective_actions': 'Stricter input validation '
                                                  'implemented in firmware '
                                                  'update',
                            'root_causes': 'Inadequate input sanitization in '
                                           'the router’s firmware'},
 'recommendations': 'Update firmware to the latest version (1.1.0 0.9.1 '
                    'v0001.0 Build 250930) immediately. Ensure administrative '
                    'credentials are secured and not default.',
 'references': [{'source': 'TP-Link Support Pages'}],
 'response': {'containment_measures': 'Firmware patch released (1.1.0 0.9.1 '
                                      'v0001.0 Build 250930)',
              'recovery_measures': 'Users advised to update firmware '
                                   'immediately and back up configurations '
                                   'before applying the patch',
              'remediation_measures': 'Stricter input validation implemented '
                                      'in firmware update'},
 'title': 'Critical Command Injection Flaw in TP-Link Archer MR600 Router',
 'type': 'Command Injection',
 'vulnerability_exploited': 'CVE-2025-14756'}