Description
A command injection vulnerability was identified in TP-Link TL-WR802N v4, TL-WR841N v14, and TL-WR840N v6 due to improper neutralization of special elements used in an OS command. In the router configuration import function allows an authenticated attacker to upload a crafted configuration file that results in execution of OS commands with root privileges during port-trigger processing.
Successful exploitation allows an authenticated attacker to execute system commands with root privileges, leading to full device compromise.
Published: 2026-03-13
Score: 8.5 High
EPSS: < 1% Very Low
KEV: No
Impact: Remote Command Execution with root privileges
Action: Immediate Patch
AI Analysis

Impact

A command injection flaw exists in TP‑Link TL‑WR802N v4, TL‑WR841N v14, and TL‑WR840N v6 routers due to improper neutralization of special elements used in an OS command. An authenticated attacker who can log into the router’s administration interface can upload a crafted configuration file that is processed during port‑trigger processing, causing arbitrary OS commands to execute with root privileges. Successful exploitation permits full device compromise, allowing the attacker to control the router at the system level.

Affected Systems

The affected products are TP‑Link TL‑WR840N firmware v6, TL‑WR802N firmware v4, and TL‑WR841N firmware v14. These models are specifically listed in the vendor’s advisory and correspond to the relevant firmware product identifiers.

Risk and Exploitability

The CVSS score of 8.5 indicates a high severity level. The EPSS score of less than 1% suggests that the likelihood of exploitation in the near term is low, and the vulnerability is not yet cataloged in the CISA KEV list. However, because the flaw requires only an authenticated session, any user or attacker who has gained administrative access could exploit the vulnerability. Full root‑level execution on the router vastly increases the potential damage and therefore represents a high‑risk condition that should prompt prompt remediation.

Generated by OpenCVE AI on April 7, 2026 at 10:24 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Identify the router model and verify the current firmware version.
  • Download the latest firmware release from the official TP‑Link website using the vendor advisory links.
  • Install the firmware update on each affected device following the manufacturer’s instructions.
  • Confirm that the configuration import feature no longer accepts unsanitized input and that command execution is no longer possible.
  • Monitor router logs for evidence of attempted or successful command execution attempts.
  • If a firmware update cannot be applied, disable the configuration import function or remove the device from the network until the vulnerability can be patched.

Generated by OpenCVE AI on April 7, 2026 at 10:24 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 07 Apr 2026 07:15:00 +0000

Type Values Removed Values Added
First Time appeared Tp-link tl-wr802n Firmware
Tp-link tl-wr840n
Tp-link tl-wr840n Firmware
Tp-link tl-wr841n Firmware
CPEs cpe:2.3:h:tp-link:tl-wr802n:v4:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:tl-wr840n:6:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:tl-wr841n:14:*:*:*:*:*:*:*
cpe:2.3:o:tp-link:tl-wr802n_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:tp-link:tl-wr840n_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:tp-link:tl-wr841n_firmware:*:*:*:*:*:*:*:*
Vendors & Products Tp-link tl-wr802n Firmware
Tp-link tl-wr840n
Tp-link tl-wr840n Firmware
Tp-link tl-wr841n Firmware
Metrics cvssV3_1

{'score': 6.8, 'vector': 'CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H'}

Mon, 16 Mar 2026 16:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Mon, 16 Mar 2026 10:15:00 +0000

Type Values Removed Values Added
First Time appeared Tp-link
Tp-link tl-wr802n
Tp-link tl-wr841n
Tp Link
Tp Link tl-wr840n
Vendors & Products Tp-link
Tp-link tl-wr802n
Tp-link tl-wr841n
Tp Link
Tp Link tl-wr840n

Fri, 13 Mar 2026 22:00:00 +0000

Type Values Removed Values Added
Description A command injection vulnerability was identified in TP-Link TL-WR802N v4, TL-WR841N v14, and TL-WR840N v6 due to improper neutralization of special elements used in an OS command. In the router configuration import function allows an authenticated attacker to upload a crafted configuration file that results in execution of OS commands with root privileges during port-trigger processing. Successful exploitation allows an authenticated attacker to execute system commands with root privileges, leading to full device compromise.
Title Authenticated Command Injection on TP-Link TL-WR802N, TL-WR841N and TL-WR840N
Weaknesses CWE-78
References
Metrics cvssV4_0

{'score': 8.5, 'vector': 'CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Tp-link Tl-wr802n Tl-wr802n Firmware Tl-wr840n Tl-wr840n Firmware Tl-wr841n Tl-wr841n Firmware
Tp Link Tl-wr840n
cve-icon MITRE

Status: PUBLISHED

Assigner: TPLink

Published:

Updated: 2026-03-17T03:55:35.442Z

Reserved: 2026-02-25T20:03:19.802Z

Link: CVE-2026-3227

cve-icon Vulnrichment

Updated: 2026-03-16T15:31:32.795Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-16T14:19:47.257

Modified: 2026-04-07T01:07:52.933

Link: CVE-2026-3227

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-08T20:02:36Z

Weaknesses