Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
8.5
TP-Link TL-MR6400 Router Telnet Interface Allows Unauthorized Code Execution
CVE-2026-3841
Summary
An attacker with permission to access the TP-Link TL-MR6400's Telnet interface can potentially take control of the device, compromising its security and potentially leading to data loss or unavailability. It's essential to update the router's firmware to the latest version to fix this issue. Users should do this as soon as possible to protect their device.
Original title
A command injection vulnerability has been identified in the Telnet command-line interface (CLI) of TP-Link TL-MR6400 v5.3. This issue is caused by insufficient sanitization of data processed duri...
Original description
A command injection vulnerability has been identified in the Telnet command-line interface (CLI) of TP-Link TL-MR6400 v5.3. This issue is caused by insufficient sanitization of data processed during specific CLI operations. An authenticated attacker with elevated privileges may be able to execute arbitrary system commands. Successful exploitation may lead to full device compromise, including potential loss of confidentiality, integrity, and availability.
nvd CVSS4.0
8.5
Vulnerability type
CWE-78
OS Command Injection
Published: 12 Mar 2026 · Updated: 14 Mar 2026 · First seen: 12 Mar 2026