๐Ÿ›ก๏ธ CVE-2026-3227
๐ŸŸก CVSS 6.8 โ€” Medium โœ… No Known Exploit CWE-78 NVD
6.8
CVSS Score
0 Low4 Medium7 High9 Critical10

Description

A command injection vulnerability was identified in TP-Link TL-WR802N v4, TL-WR841N v14, and TL-WR840N v6 due to improper neutralization of special elements used in an OS command. In the router configuration import function allows an authenticated attacker to upload a crafted configuration file that results in execution of OS commands with root privileges during port-trigger processing. Successful exploitation allows an authenticated attacker to execute system commands with root privileges, leading to full device compromise.

Details

Severity MEDIUM
CVSS Score 6.8
CVSS Vector CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CWE CWE-78
Public Exploit โœ… No
Source NVD
Published 2026-03-16
Updated 2026-06-02
Modified 2026-04-07
Fix URL N/A

Affected Packages

Software From version Fixed in
tl-wr802n-firmware โ€” 260304
tl-wr840n-firmware โ€” 260304
tl-wr841n-firmware โ€” 260303

Similar Threats

Exploit Protection

Help block exploit attempts

BotEraser is designed to detect and help reduce malicious bot traffic that may target known vulnerabilities on your site.

Try BotEraser Free โ†’

No credit card required  ยท  Results in minutes

ⓘ Data Notice: The information presented above has been compiled from publicly available internet sources. Boteraser aggregates this data solely for informational purposes and does not independently classify, evaluate, or endorse any findings about the vulnerabilities listed. The accuracy and completeness of this information is the sole responsibility of the original publishers. Boteraser and its operators accept no liability for any decisions made based on this data.