HIGH | CVE-2026-3227 | Published | Modified | CNA: TPLink
CVE-2026-3227: Authenticated Command Injection on TP-Link TL-WR802N, TL-WR841N and TL-WR840N
A command injection vulnerability was identified in TP-Link TL-WR802N v4, TL-WR841N v14, and TL-WR840N v6 due to improper neutralization of special elements used in an OS command. The router configuration import function allows an authenticated attacker to upload a crafted configuration file that results in execution of OS commands with root privileges during port-trigger processing. Successful exploitation allows an authenticated attacker to execute system commands with root privileges, leading to full device compromise.
Metrics
- CVSS v4.0: 8.5
- Severity: HIGH
- Fixed in: V14_260303
- Affected Products: 3
Fix available
V14_260303, V4_260304, V6_260304
Affected packages
- TP-Link Systems Inc. / TL-WR802N v4 < V4_260304 (from 0)
- TP-Link Systems Inc. / TL-WR841N v14 < V14_260303 (from 0)
- TP-Link Systems Inc. / TL-WR840N v6 < V6_260304 (from 0)
CVSS Vector
CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N