Impact
This vulnerability permits an authenticated attacker with elevated privileges to inject and execute arbitrary system commands through the Telnet command‑line interface of the TP‑Link TL‑MR6400 router, firmware version 5.3. The flaw originates from insufficient input sanitization during CLI operations and is a classic operating‑system command‑injection weakness (CWE‑78). An attacker who succeeds can take full control of the device, potentially compromising the confidentiality, integrity, and availability of the network and connected devices.
Affected Systems
The affected device is the TP‑Link TL‑MR6400 router running firmware version 5.3. No other vendors, products, or versions are referenced in the official advisory.
Risk and Exploitability
The vulnerability carries a CVSS score of 8.5, classifying it as high severity. Its EPSS score is below 1%, indicating a low likelihood of active exploitation at present. The vulnerability is not listed among publicly documented known exploited vulnerabilities. Successful exploitation requires the attacker to gain authenticated, privileged access to the router’s Telnet interface; from that position, crafted input can trigger the injection of system commands. If leveraged, this could give the attacker full control over the router, enabling further attacks on connected hosts.