CVE-2026-3841
Received Received - Intake
Command Injection in TP-Link TL-MR6400 CLI Enables Full Device Compromise

Publication date: 2026-03-12

Last updated on: 2026-04-02

Assigner: TPLink

Description
A command injection vulnerability has been identified in the Telnet command-line interface (CLI) of TP-Link TL-MR6400 v5.3. This issue is caused by insufficient sanitization of data processed during specific CLI operations. An authenticated attacker with elevated privileges may be able to execute arbitrary system commands. Successful exploitation may lead to full device compromise, including potential loss of confidentiality, integrity, and availability.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-12
Last Modified
2026-04-02
Generated
2026-05-07
AI Q&A
2026-03-12
EPSS Evaluated
2026-05-05
NVD
CVE-2026-3841
EUVD
EUVD-2026-11655
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
tp-link tl-mr6400_firmware to 1.9.0 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-78 The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2026-3841 is a command injection vulnerability found in the Telnet command-line interface (CLI) of the TP-Link TL-MR6400 router, specifically version 5.3. This vulnerability is caused by insufficient sanitization of input data processed during certain CLI operations.

An authenticated attacker with elevated privileges can exploit this flaw to execute arbitrary system commands on the device.

Successful exploitation may lead to full device compromise, including potential loss of confidentiality, integrity, and availability.


How can this vulnerability impact me? :

If exploited, this vulnerability can allow an attacker with elevated privileges to execute arbitrary system commands on the affected TP-Link TL-MR6400 device.

This can lead to full device compromise, which means the attacker could potentially control the device, disrupt its normal operation, and access or alter sensitive information.

The impact includes loss of confidentiality, integrity, and availability of the device and its data.


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:

I don't know


How can this vulnerability be detected on my network or system? Can you suggest some commands?

I don't know


What immediate steps should I take to mitigate this vulnerability?

[{'type': 'paragraph', 'content': 'To mitigate the CVE-2026-3841 vulnerability, you should update the TP-Link TL-MR6400 router firmware to version 1.9.0 Build 260108 or later.'}, {'type': 'paragraph', 'content': 'This firmware update addresses the command injection vulnerability in the Telnet CLI by improving input sanitization and security.'}, {'type': 'paragraph', 'content': "Ensure that the update is performed using the official firmware files from TP-Link's website, following recommended upgrade procedures such as using a wired connection and not interrupting the power during the upgrade."}] [1, 2]


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart