CVE-2026-3841

Published: Mar 12, 2026 Last Modified: Mar 12, 2026
ExploitDB:
Other exploit source:
Google Dorks:
HIGH 8,5
Source: f23511db-6c3e-4e32-a477-6aa17d310630
Attack Vector: adjacent
Attack Complexity: low
Privileges Required: high
User Interaction: none
Confidentiality: N/A
Integrity: N/A
Availability: N/A

Description

AI Translation Available

A command injection vulnerability has been identified in the Telnet command-line interface (CLI) of TP-Link TL-MR6400 v5.3. This issue is caused by insufficient sanitization of data processed during specific CLI operations. An authenticated attacker with elevated privileges may be able to execute arbitrary system commands. Successful exploitation may lead to full device compromise, including potential loss of confidentiality, integrity, and availability.

78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Stable
Abstraction: Base Structure: Simple
Common Consequences
Security Scopes Affected:
Confidentiality Integrity Availability Non-Repudiation
Potential Impacts:
Execute Unauthorized Code Or Commands Dos: Crash, Exit, Or Restart Read Files Or Directories Modify Files Or Directories Read Application Data Modify Application Data Hide Activities
Applicable Platforms
Technologies: AI/ML, Not Technology-Specific, Web Server
Likelihood of Exploit: High
View CWE Details
https://www.tp-link.com/en/support/download/tl-mr6400/v5.30…
https://www.tp-link.com/en/support/download/tl-mr6400/v5.30/#Firmware
https://www.tp-link.com/us/support/faq/5016/
https://www.tp-link.com/us/support/faq/5016/