cvedb.io
CVE-2026-3841
HIGH · CVSS 8.8
EPSS exploitation probability: 0%
Published 2026-03-12T18:16:26.107 · Last modified 2026-06-17T10:44:19.750

Summary

A command injection vulnerability has been identified in the Telnet command-line interface (CLI) of TP-Link TL-MR6400 v5.3. This issue is caused by insufficient sanitization of data processed during specific CLI operations. An authenticated attacker with elevated privileges may be able to execute arbitrary system commands. Successful exploitation may lead to full device compromise, including potential loss of confidentiality, integrity, and availability.

Affected products

tp-link — tl-mr6400_firmware

Does this affect you?

Add your gear to cvedb and we'll alert you only when tp-link ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.