← voltar
CVE-2026-8913

Command Injection in TP-Link's Archer MR600 WireGuard Client Configuration

CVSS 8.5 HIGHEPSS 0.9%CWE-78
A command Injection vulnerability exists in the WireGuard client configuration of Archer MR600 v5 due to improper neutralization of user-controlled input within the web management interface. An authenticated attacker with administrative privileges may be able to execute arbitrary commands when applying configuration changes.Successful exploitation may result in a full compromise of confidentiality, integrity, and availability of the affected device.
CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Produtos afetados
TP-Link Systems Inc. · Archer MR600 v5

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://www.tp-link.com/en/support/download/archer-mr600/v5/#Firmwarehttps://www.tp-link.com/jp/support/download/archer-mr600/v5/#Firmwarehttps://www.tp-link.com/us/support/faq/5122/