CVE-2026-11834
TP-Link · Archer MR200
A command injection vulnerability exists in the DHCP option processing logic of multiple TP-Link router models due to insufficient validation of externally supplied data.
Executive summary
A high-severity command injection vulnerability in TP-Link Archer MR200 routers allows unauthenticated attackers to execute arbitrary code via malicious DHCP traffic.
Vulnerability
This is a command injection flaw occurring within the DHCP option processing logic. The vulnerability is exploitable by an unauthenticated attacker who can send specially crafted DHCP packets to the target device.
Business impact
With a CVSS score of 8.7, this vulnerability poses a severe threat to network security. Successful exploitation grants an attacker full control over the router, enabling them to intercept traffic, redirect users to malicious sites, or use the device as a pivot point for further lateral movement within the internal network.
Remediation
Immediate Action: Update router firmware to the latest version provided by TP-Link to remediate the vulnerable DHCP processing logic.
Proactive Monitoring: Monitor network traffic for unusual DHCP handshake patterns or unexpected command execution attempts originating from network devices.
Compensating Controls: Disable unnecessary features such as remote management and place vulnerable hardware behind a secondary firewall if immediate firmware updates cannot be applied.
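One way to act on the Proactive Monitoring item is to parse DHCP options from captured traffic and flag text options that contain shell metacharacters. The following is an added example, not TP-Link's code or part of the original advisory; the advisory does not name the affected option, so the watched option set, the metacharacter list and all function names are assumptions, and the sample packets are constructed.

```python
# Added example: flag DHCP text options that carry shell metacharacters.
MAGIC_COOKIE = b"\x63\x82\x53\x63"   # marks the start of DHCP options (RFC 2131)
# Assumption: the advisory names no option, so watch text-valued ones (RFC 2132):
# 12 host name, 14 merit dump file, 15 domain name, 17 root path,
# 60 vendor class identifier, 66 TFTP server name, 67 bootfile name.
TEXT_OPTIONS = {12, 14, 15, 17, 60, 66, 67}
SHELL_META = set(b";|&`$<>(){}\n\r")  # heuristic list, tune for your network


def parse_options(payload):
    """Yield (code, value) pairs from the UDP body of a BOOTP/DHCP message."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP payload")
    i = 240
    while i < len(payload):
        code = payload[i]
        if code == 0:            # pad option, single byte
            i += 1
            continue
        if code == 255:          # end option
            return
        if i + 1 >= len(payload):
            raise ValueError("truncated option header")
        length = payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("option length runs past end of packet")
        yield code, value
        i += 2 + length


def suspicious_options(payload):
    """Return the text options whose value contains a shell metacharacter."""
    return [(c, v) for c, v in parse_options(payload)
            if c in TEXT_OPTIONS and SHELL_META & set(v)]


def build_payload(options):
    """Build a constructed test payload: zeroed BOOTP header plus options."""
    tlvs = b"".join(bytes([c, len(v)]) + v for c, v in options)
    return bytes(236) + MAGIC_COOKIE + tlvs + b"\xff"


# Constructed samples, not captured traffic.
BENIGN = build_payload([(53, b"\x01"), (12, b"laptop-01")])
CRAFTED = build_payload([(53, b"\x01"), (12, b"pc$(echo x)")])

if __name__ == "__main__":
    for name, pkt in (("benign", BENIGN), ("crafted", CRAFTED)):
        print(name, suspicious_options(pkt))
```

A ValueError from a malformed option is itself worth logging, since well-behaved DHCP clients and servers do not send truncated options.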
Exploitation status
Public Exploit Available: false
Analyst recommendation
This vulnerability is particularly dangerous as it allows unauthenticated remote code execution on network infrastructure. IT administrators must prioritize firmware updates for all affected TP-Link devices to prevent potential network-wide compromise and unauthorized access.