CVE-2026-3227 - Vulnerability Details

A command injection vulnerability was identified in TP-Link TL-WR802N v4, TL-WR841N v14, and TL-WR840N v6 due to improper neutralization of special elements used in an OS command. In the router configuration import function allows an authenticated attacker to upload a crafted configuration file that results in execution of OS commands with root privileges during port-trigger processing.
Successful exploitation allows an authenticated attacker to execute system commands with root privileges, leading to full device compromise.

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required High

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00515.

Exploitation none

Automatable no

Technical Impact total

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

TP-Link Systems Inc.

TL-WR802N v4

unaffected

Version	Status	Constraints
`0`	affected	< V4_260304

TP-Link Systems Inc.

TL-WR841N v14

unaffected

Version	Status	Constraints
`0`	affected	< V14_260303

TP Link Systems Inc.

TL-WR840N v6

unaffected

Version	Status	Constraints
`0`	affected	< V6_260304

Configuration 1 [-]

AND

cpe:2.3:o:tp-link:tl-wr802n_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:tp-link:tl-wr802n:v4:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:tp-link:tl-wr841n_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:tp-link:tl-wr841n:14:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:tp-link:tl-wr840n_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:tp-link:tl-wr840n:6:*:*:*:*:*:*:*

No data.

OpenCVE Enrichment is a feature of OpenCVE that uses AI to automatically link vendors and products to CVEs. Learn more on GitHub.

Vendors	Products
Tp-link Subscribe	Tl-wr802n Subscribe Tl-wr841n Subscribe
Tp Link Subscribe	Tl-wr840n Subscribe

Project Subscriptions

Vendors	Products
Tp-link Subscribe	Tl-wr802n Subscribe Tl-wr802n Firmware Subscribe Tl-wr840n Subscribe Tl-wr840n Firmware Subscribe Tl-wr841n Subscribe Tl-wr841n Firmware Subscribe
Tp Link Subscribe	Tl-wr840n Subscribe

Advisories

No advisories yet.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://www.tp-link.com/en/support/download/tl-wr802n/v4/#Firmware
https://www.tp-link.com/en/support/download/tl-wr840n/v6/#Firmware
https://www.tp-link.com/en/support/download/tl-wr841n/v14/#Firmware
https://www.tp-link.com/us/support/download/tl-wr802n/v4/#Firmware
https://www.tp-link.com/us/support/download/tl-wr841n/v14/#Firmware
https://www.tp-link.com/us/support/faq/5018/

History

Tue, 07 Apr 2026 07:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Tp-link tl-wr802n Firmware Tp-link tl-wr840n Tp-link tl-wr840n Firmware Tp-link tl-wr841n Firmware
CPEs		cpe:2.3:h:tp-link:tl-wr802n:v4:::::::* cpe:2.3:h:tp-link:tl-wr840n:6:::::::* cpe:2.3:h:tp-link:tl-wr841n:14:::::::* cpe:2.3:o:tp-link:tl-wr802n_firmware:::::::: cpe:2.3:o:tp-link:tl-wr840n_firmware:::::::: cpe:2.3:o:tp-link:tl-wr841n_firmware::::::::
Vendors & Products		Tp-link tl-wr802n Firmware Tp-link tl-wr840n Tp-link tl-wr840n Firmware Tp-link tl-wr841n Firmware
Metrics		cvssV3_1 `{'score': 6.8, 'vector': 'CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H'}`

Mon, 16 Mar 2026 16:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Mon, 16 Mar 2026 10:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Tp-link Tp-link tl-wr802n Tp-link tl-wr841n Tp Link Tp Link tl-wr840n
Vendors & Products		Tp-link Tp-link tl-wr802n Tp-link tl-wr841n Tp Link Tp Link tl-wr840n

Fri, 13 Mar 2026 22:00:00 +0000

Type	Values Removed	Values Added
Description		A command injection vulnerability was identified in TP-Link TL-WR802N v4, TL-WR841N v14, and TL-WR840N v6 due to improper neutralization of special elements used in an OS command. In the router configuration import function allows an authenticated attacker to upload a crafted configuration file that results in execution of OS commands with root privileges during port-trigger processing. Successful exploitation allows an authenticated attacker to execute system commands with root privileges, leading to full device compromise.
Title		Authenticated Command Injection on TP-Link TL-WR802N, TL-WR841N and TL-WR840N
Weaknesses		CWE-78
References		https://www.tp-link.com/en/support/download/tl-wr802n/v4/#Firmware https://www.tp-link.com/en/support/download/tl-wr840n/v6/#Firmware https://www.tp-link.com/en/support/download/tl-wr841n/v14/#Firmware https://www.tp-link.com/us/support/download/tl-wr802n/v4/#Firmware https://www.tp-link.com/us/support/download/tl-wr841n/v14/#Firmware https://www.tp-link.com/us/support/faq/5018/
Metrics		cvssV4_0 `{'score': 8.5, 'vector': 'CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}`

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: TPLink

Published: 2026-03-13T21:38:31.666Z

Updated: 2026-03-17T03:55:35.442Z

Reserved: 2026-02-25T20:03:19.802Z

Link: CVE-2026-3227

Vulnrichment

Updated: 2026-03-16T15:31:32.795Z

NVD

Status : Analyzed

Published: 2026-03-16T14:19:47.257

Modified: 2026-04-07T01:07:52.933

Link: CVE-2026-3227

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-08T20:02:36Z

Weaknesses

CWE-78

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required High

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact total

Project Subscriptions

Projects

JSON object

JSON object

JSON object

JSON object

JSON object