CVE-2026-8913

UNKNOWN NVD

CVSS Score 0

Severity UNKNOWN

Published Jun 08, 2026

Vendor unknown

Description

A command Injection vulnerability exists in the WireGuard client configuration of Archer MR600 v5 due to improper neutralization of user-controlled input within the web management interface. An authenticated attacker with administrative privileges may be able to execute arbitrary commands when applying configuration changes.Successful exploitation may result in a full compromise of confidentiality, integrity, and availability of the affected device.

References

https://www.tp-link.com/en/support/download/archer-mr600/v5/#Firmware
https://www.tp-link.com/jp/support/download/archer-mr600/v5/#Firmware
https://www.tp-link.com/us/support/faq/5122/