Command Injection Vulnerability in Archer MR600 Router by TP-Link
CVE-2026-8913

8.5HIGH

What is CVE-2026-8913?

A command injection vulnerability has been identified in the WireGuard client configuration of the TP-Link Archer MR600 v5. This issue arises from inadequate handling of user-controlled input within the web management interface. An authenticated attacker with administrative permissions could exploit this vulnerability to execute arbitrary commands while making configuration changes. Such successful exploitation may lead to a complete risk to the device's confidentiality, integrity, and availability, compromising the overall security of the affected router.

Affected Version(s)

Archer MR600 v5 0

Archer MR600 v5 0

References

CVSS V4

Score:
8.5
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Adjacent Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Akira Moroo (Ricerca Security, Inc.), Satoki Tsuji (Ricerca Security, Inc.), Anonymous
.