Description
A command injection vulnerability has been identified in the Telnet command-line interface (CLI) of TP-Link TL-MR6400 v5.3. This issue is caused by insufficient sanitization of data processed during specific CLI operations. An authenticated attacker with elevated privileges may be able to execute arbitrary system commands. Successful exploitation may lead to full device compromise, including potential loss of confidentiality, integrity, and availability.
Published: 2026-03-12
Score: 8.5 High
EPSS: 1.8% Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

This vulnerability permits an authenticated attacker with elevated privileges to inject and execute arbitrary system commands through the Telnet command-line interface of the TP-Link TL-MR6400 router, firmware version 5.3. The flaw originates from insufficient input sanitization during CLI operations and represents a classic operating-system-level command-injection weakness (CWE-78). An attacker who succeeds can fully compromise the device, potentially compromising confidentiality, integrity, and availability of the network and connected devices.

Affected Systems

The affected device is the TP-Link TL-MR6400 router running firmware version 5.3. No other vendors, products, or versions are referenced in the official advisory.

Risk and Exploitability

The vulnerability carries a CVSS score of 8.5, classifying it as high severity. Its EPSS score is 2 %, indicating a low likelihood of active exploitation at present. The problem is not listed among publicly documented known exploited vulnerabilities. Successful exploitation requires the attacker to gain authenticated, privileged access to the router’s Telnet interface; from that position, crafted input can trigger the injection of system commands. If leveraged, this could provide the attacker with full control over the router, enabling further attacks on connected hosts.

Generated by OpenCVE AI on June 18, 2026 at 10:17 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the router firmware to the latest release from TP‑Link (e.g., version 5.30 or newer).
  • If the Telnet service is not required, disable it to eliminate the attack surface.
  • Apply network segmentation or firewall rules to restrict access to the router’s Telnet interface to only trusted administrators.

Generated by OpenCVE AI on June 18, 2026 at 10:17 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 02 Apr 2026 13:15:00 +0000

Type Values Removed Values Added
First Time appeared Tp-link tl-mr6400 Firmware
CPEs cpe:2.3:h:tp-link:tl-mr6400:5.3:*:*:*:*:*:*:*
cpe:2.3:o:tp-link:tl-mr6400_firmware:*:*:*:*:*:*:*:*
Vendors & Products Tp-link tl-mr6400 Firmware
Metrics cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}

Fri, 13 Mar 2026 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Fri, 13 Mar 2026 10:00:00 +0000

Type Values Removed Values Added
First Time appeared Tp-link
Tp-link tl-mr6400
Vendors & Products Tp-link
Tp-link tl-mr6400

Thu, 12 Mar 2026 17:45:00 +0000

Type Values Removed Values Added
Description A command injection vulnerability has been identified in the Telnet command-line interface (CLI) of TP-Link TL-MR6400 v5.3. This issue is caused by insufficient sanitization of data processed during specific CLI operations. An authenticated attacker with elevated privileges may be able to execute arbitrary system commands. Successful exploitation may lead to full device compromise, including potential loss of confidentiality, integrity, and availability.
Title Command Injection Vulnerability in Telnet CLI on TP-Link TL-MR6400
Weaknesses CWE-78
References
Metrics cvssV4_0

{'score': 8.5, 'vector': 'CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Tp-link Tl-mr6400 Tl-mr6400 Firmware
cve-icon MITRE

Status: PUBLISHED

Assigner: TPLink

Published:

Updated: 2026-03-13T14:35:24.733Z

Reserved: 2026-03-09T17:28:57.540Z

Link: CVE-2026-3841

cve-icon Vulnrichment

Updated: 2026-03-13T14:35:21.577Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-12T18:16:26.107

Modified: 2026-06-17T10:44:19.750

Link: CVE-2026-3841

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-18T10:30:05Z

Weaknesses
  • CWE-78

    Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')