CVE Catalog

CVE-2026-8913

HighCVSS 8.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Elevated risk
0.41%

62th percentile - higher than 62% of all known CVEs

Summary

CVE-2026-8913 describes a command injection vulnerability in the WireGuard client configuration of the Archer MR600 v5, caused by improper neutralization of user-controlled input within the web management interface. An authenticated attacker with administrative privileges may be able to execute arbitrary commands when applying configuration changes.

Risk Assessment

Successful exploitation of this vulnerability may result in a full compromise of confidentiality, integrity, and availability of the affected device. Organizations should be aware of the risks associated with unauthorized access to the system.

Recommendation

It is recommended to update the device firmware to the latest version to mitigate this vulnerability. Additionally, access to the management interface should be restricted to trusted users.

Original NVD description (English source)

A command Injection vulnerability exists in the WireGuard client configuration of Archer MR600 v5 due to improper neutralization of user-controlled input within the web management interface. An authenticated attacker with administrative privileges may be able to execute arbitrary commands when applying configuration changes.Successful exploitation may result in a full compromise of confidentiality, integrity, and availability of the affected device.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS