Command Injection Vulnerability in TP-Link Routers
CVE-2026-3227

8.5HIGH

Key Information:

Vendor
CVE Published:
13 March 2026

Badges

📈 Trended📈 Score: 5,520

What is CVE-2026-3227?

CVE-2026-3227 is a command injection vulnerability found in specific models of TP-Link routers, specifically the TL-WR802N v4, TL-WR841N v14, and TL-WR840N v6. This vulnerability arises from improper handling of certain characters within the router's configuration import function. When an authenticated attacker uploads a specially crafted configuration file, it can lead to the execution of operating system commands with root privileges during the port-trigger processing. As a result, this vulnerability poses a severe risk to organizations that rely on these routers, as it allows an attacker to gain full control over the affected device, potentially compromising the network security and integrity.

Potential impact of CVE-2026-3227

  1. Full Device Compromise: Successful exploitation of this vulnerability can enable an attacker to execute arbitrary commands on the router with root privileges, leading to total control over the device. This can facilitate further attacks on the internal network and connected devices.

  2. Network Security Breach: With administrative access to the router, an attacker could manipulate network traffic, redirect users to malicious sites, or intercept sensitive data. This can result in significant security breaches and data leakage for organizations utilizing these routers.

  3. Persistence of Threats: Once an attacker has compromised a router, they can establish persistence mechanisms, allowing them to maintain control even after potential mitigation attempts. This persistent threat could lead to long-term vulnerabilities in the organization’s overall cybersecurity posture.

Affected Version(s)

TL-WR802N v4 Linux 0

TL-WR840N v6 Linux 0

TL-WR841N v14 Linux 0

References

CVSS V4

Score:
8.5
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Adjacent Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • 📈

    Vulnerability started trending

  • Vulnerability published

  • Vulnerability Reserved

.