CVE-2026-8913
HighCVSS 8.5Exploitation Probability (EPSS)
Elevated risk62th percentile - higher than 62% of all known CVEs
Summary
CVE-2026-8913 describes a command injection vulnerability in the WireGuard client configuration of the Archer MR600 v5, caused by improper neutralization of user-controlled input within the web management interface. An authenticated attacker with administrative privileges may be able to execute arbitrary commands when applying configuration changes.
Risk Assessment
Successful exploitation of this vulnerability may result in a full compromise of confidentiality, integrity, and availability of the affected device. Organizations should be aware of the risks associated with unauthorized access to the system.
Recommendation
It is recommended to update the device firmware to the latest version to mitigate this vulnerability. Additionally, access to the management interface should be restricted to trusted users.
Original NVD description (English source)
A command Injection vulnerability exists in the WireGuard client configuration of Archer MR600 v5 due to improper neutralization of user-controlled input within the web management interface. An authenticated attacker with administrative privileges may be able to execute arbitrary commands when applying configuration changes.Successful exploitation may result in a full compromise of confidentiality, integrity, and availability of the affected device.

