The TP-Link Archer VR1600V is a wireless modem from China P&L (TP-LINK). The TP-Link Archer VR1600V suffers from a command injection vulnerability that stems from the application failing to properly filter constructed command special characters, commands, etc. An attacker could exploit the vulnerability to cause an administrator to open the operating system shell.