CVE-2026-3227 HIGH

CVE-2026-3227: Authenticated Command Injection on TP-Link TL-WR802N, TL-WR841N and TL-WR840N

Vendor Tp-Link Systems Inc.
Product TL-WR802N v4
Weakness CWE-78
Published March 13, 2026
Last update March 17, 2026
View on NVD All CVEs

CVSS base score

8.5/10
Attack vector Adjacent
Attack complexity Low
Privileges required High
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

What the vulnerability does

01Description

A command injection vulnerability was identified in TP-Link TL-WR802N v4, TL-WR841N v14, and TL-WR840N v6 due to improper neutralization of special elements used in an OS command. In the router configuration import function allows an authenticated attacker to upload a crafted configuration file that results in execution of OS commands with root privileges during port-trigger processing. Successful exploitation allows an authenticated attacker to execute system commands with root privileges, leading to full device compromise.

Key dates

02Disclosure timeline

March 13, 2026 CVE published
March 17, 2026 Record updated

Related vulnerabilities

04Related CVE

CVE-2020-12775 Hicos citizen certificate client-side component - Command Injection CVE-2026-32298 Angeet ES3 KVM OS command injection CVE-2025-5571 D-Link DCS-932L setSystemAdmin os command injection CVE-2023-41192 D-Link DAP-1325 HNAP SetAPLanSettings PrimaryDNS Command Injection Remote Code Execution Vulnerability CVE-2025-9661 OS command injection vulneravility in the management gui (maintenance utility) of Hitachi Virtual Storage Platform One Block 23/24/26/28