Security Advisory on Command Injection Vulnerability in Telnet CLI on TP-Link TL-MR6400 (CVE-2026-3841)
1568 Vulnerability and Impact Description:
CVE-2026-3841:
A command injection vulnerability has been identified in the Telnet command-line interface (CLI) of TP-Link TL-MR6400 v5.3. This issue is caused by insufficient sanitization of data processed during specific CLI operations. An authenticated attacker with elevated privileges may be able to execute arbitrary system commands. Successful exploitation may lead to full device compromise, including potential loss of confidentiality, integrity, and availability.
CVSS v4.0 Score: 8.5 / High
CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Affected Products/Versions and Fixes:
|
Affected Product Model |
Affected Version |
|
TL-MR6400 v5.3 |
< 1.9.0 Build 260108 |
Recommendations:
We strongly recommend that users with affected devices take the following actions:
- Download and update to the latest firmware version to fix the vulnerabilities on our website.
EN: Download for TL-MR6400 | TP-Link
Note: TL-MR6400 is not sold in the US.
Disclaimer:
If you do not take all recommended actions, this vulnerability will remain. TP-Link cannot bear any responsibility for consequences that could have been avoided by following this advisory.
這篇faq是否有用?
您的反饋將幫助我們改善網站