A vulnerability was found in TP-Link Archer MR600 v5 . It has been declared as critical . This vulnerability affects unknown code of the component Web Management Interface . Such manipulation leads to os command injection. This vulnerability is traded as CVE-2026-8913 . Access to the local network is required for this attack to succeed. There is no exploit available.