TP-Link are aware of a security flaw in the SMB Router TL-R600VPN. After diagnosing the issue, they have identified a bug which might be taken use by an authenticated attacker to launch remote code execution attacks.
TP-Link has confirmed that this security flaw can only be taken use by an authenticated attacker with administrative authority. This security flaw only affects TL-R600VPN V1, V2 and V3 hardware version. TL-R600VPN V4 and other models are not affected by this security flaw.
In order to remove this security flaw, they have already made a beta firmware aiming at fixing it. This beta is suitable for TL-R600VPN V1, V2 and V3 hardware version.
If anyone needs the beta firmware or has further questions and concerns, please contact TP-Link through the support page on the official website: http://www.tp-link.com/support.