TP-Link Archer Router Flaw Exposes Users to Remote Attacks and Full Device Control

**TP-Link Archer MR600 v5 command injection (CVE-2025-14756)** — A high‑severity authenticated command injection in the router’s admin interface (CVSS 8.5) allows local network attackers with admin credentials to execute arbitrary system commands and potentially fully compromise devices; TP‑Link released patched firmware v1.1.0 and users are advised to update immediately, change admin credentials, and monitor for suspicious activity.