CVE-2026-3227
Authenticated Command Injection on TP-Link TL-WR802N, TL-WR841N and TL-WR840N
CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th
A command injection vulnerability was identified in TP-Link TL-WR802N v4, TL-WR841N v14, and TL-WR840N v6 due to improper neutralization of special elements used in an OS command. In the router configuration import function allows an authenticated attacker to upload a crafted configuration file that results in execution of OS commands with root privileges during port-trigger processing. Successful exploitation allows an authenticated attacker to execute system commands with root privileges, leading to full device compromise.
| CWE | CWE-78 |
| Vendor | tp-link systems inc. |
| Product | tl-wr802n v4 |
| Published | Mar 13, 2026 |
| Last Updated | Mar 17, 2026 |
Stay Ahead of the Next One
Get instant alerts for tp-link systems inc. tl-wr802n v4
Be the first to know when new unknown vulnerabilities affecting tp-link systems inc. tl-wr802n v4 are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
Affected Versions
TP-Link Systems Inc. / TL-WR802N v4
0 < V4_260304
TP-Link Systems Inc. / TL-WR841N v14
0 < V14_260303
TP Link Systems Inc. / TL-WR840N v6
0 < V6_260304
References
tp-link.com: https://www.tp-link.com/en/support/download/tl-wr802n/v4/#Firmware tp-link.com: https://www.tp-link.com/us/support/download/tl-wr802n/v4/#Firmware tp-link.com: https://www.tp-link.com/en/support/download/tl-wr841n/v14/#Firmware tp-link.com: https://www.tp-link.com/us/support/download/tl-wr841n/v14/#Firmware tp-link.com: https://www.tp-link.com/en/support/download/tl-wr840n/v6/#Firmware tp-link.com: https://www.tp-link.com/us/support/faq/5018/
Credits
do4choo (github.com/do4choo)