Command Injection Vulnerability in TP-Link Routers
CVE-2026-3227

8.5HIGH

Key Information:

Vendor

Tp-link Systems Inc.

Status
Tl-wr802n V4
Tl-wr841n V14
Tl-wr840n V6
Vendor
CVE Published:
13 March 2026

What is CVE-2026-3227?

A command injection vulnerability has been detected in specific TP-Link router models, allowing an authenticated attacker to exploit the router's configuration import function. By uploading a specially crafted configuration file, attackers can execute OS commands with root privileges during the port-trigger processing phase. This can lead to complete compromise of the device, granting the attacker unauthorized control and access to sensitive information. Users are urged to apply available firmware patches to mitigate this security risk.

Affected Version(s)

TL-WR802N v4 Linux 0

TL-WR840N v6 Linux 0

TL-WR841N v14 Linux 0

References

https://www.tp-link.com/en/support/download/tl-wr802n/v4/...
patch
https://www.tp-link.com/us/support/download/tl-wr802n/v4/...
patch
https://www.tp-link.com/en/support/download/tl-wr841n/v14...
patch

CVSS V4

Score:
8.5
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Adjacent Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.