Vulnerability Details CVE-2025-14756
Command injection vulnerability was found in the admin interface component of TP-Link Archer MR600 v5 firmware, allowing authenticated attackers to execute system commands with a limited character length via crafted input in the browser developer console, possibly leading to service disruption or full compromise.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 39.7%
CVSS Severity
CVSS v3 Score 8.8
References
Products affected by CVE-2025-14756
-
cpe:2.3:h:tp-link:archer_mr600:5.
-
cpe:2.3:o:tp-link:archer_mr600_firmware:*