Sign-up

ID

VAR-202603-4171


CVE

CVE-2026-3227


TITLE

TP-LINK Technologies of TL-WR802N  Firmware and other multiple products OS  Command injection vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2026-010229

DESCRIPTION

A command injection vulnerability was identified in TP-Link TL-WR802N v4, TL-WR841N v14, and TL-WR840N v6 due to improper neutralization of special elements used in an OS command. In the router configuration import function allows an authenticated attacker to upload a crafted configuration file that results in execution of OS commands with root privileges during port-trigger processing. Successful exploitation allows an authenticated attacker to execute system commands with root privileges, leading to full device compromise. OS The command will be executed. All information handled by the software may be rewritten. Furthermore, the software may stop working completely. Furthermore, attacks that exploit this vulnerability will not affect other software

Trust: 1.62

sources: NVD: CVE-2026-3227 // JVNDB: JVNDB-2026-010229

AFFECTED PRODUCTS

vendor:tp linkmodel:tl-wr840nscope:ltversion:260304

Trust: 1.0

vendor:tp linkmodel:tl-wr802nscope:ltversion:260304

Trust: 1.0

vendor:tp linkmodel:tl-wr841nscope:ltversion:260303

Trust: 1.0

vendor:tp linkmodel:tl-wr840nscope: - version: -

Trust: 0.8

vendor:tp linkmodel:tl-wr802nscope: - version: -

Trust: 0.8

vendor:tp linkmodel:tl-wr841nscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2026-010229 // NVD: CVE-2026-3227

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2026-3227
value: MEDIUM

Trust: 1.0

f23511db-6c3e-4e32-a477-6aa17d310630: CVE-2026-3227
value: HIGH

Trust: 1.0

NVD: CVE-2026-3227
value: MEDIUM

Trust: 0.8

nvd@nist.gov: CVE-2026-3227
baseSeverity: MEDIUM
baseScore: 6.8
vectorString: CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2026-3227
baseSeverity: MEDIUM
baseScore: 6.8
vectorString: CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2026-010229 // NVD: CVE-2026-3227 // NVD: CVE-2026-3227

PROBLEMTYPE DATA

problemtype:CWE-78

Trust: 1.0

problemtype:OS Command injection (CWE-78) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2026-010229 // NVD: CVE-2026-3227

PATCH

title:Security Advisory on Authenticated Command Injection Vulnerability on TP-Link TL-WR802N, TL-WR841N and TL-WR840N (CVE-2026-3227)url:https://www.tp-link.com/us/support/faq/5018/

Trust: 0.8

sources: JVNDB: JVNDB-2026-010229

EXTERNAL IDS

db:NVDid:CVE-2026-3227

Trust: 2.6

db:JVNDBid:JVNDB-2026-010229

Trust: 0.8

sources: JVNDB: JVNDB-2026-010229 // NVD: CVE-2026-3227

REFERENCES

url:https://www.tp-link.com/en/support/download/tl-wr840n/v6/#firmware

Trust: 1.8

url:https://www.tp-link.com/us/support/download/tl-wr841n/v14/#firmware

Trust: 1.8

url:https://www.tp-link.com/en/support/download/tl-wr841n/v14/#firmware

Trust: 1.8

url:https://www.tp-link.com/us/support/download/tl-wr802n/v4/#firmware

Trust: 1.8

url:https://www.tp-link.com/en/support/download/tl-wr802n/v4/#firmware

Trust: 1.8

url:https://www.tp-link.com/us/support/faq/5018/

Trust: 1.0

url:https://nvd.nist.gov/vuln/detail/cve-2026-3227

Trust: 0.8

sources: JVNDB: JVNDB-2026-010229 // NVD: CVE-2026-3227

SOURCES

db:JVNDBid:JVNDB-2026-010229
db:NVDid:CVE-2026-3227

LAST UPDATE DATE

2026-04-08T19:44:50.509000+00:00


SOURCES UPDATE DATE

db:JVNDBid:JVNDB-2026-010229date:2026-04-08T01:54:00
db:NVDid:CVE-2026-3227date:2026-04-07T01:07:52.933

SOURCES RELEASE DATE

db:JVNDBid:JVNDB-2026-010229date:2026-04-08T00:00:00
db:NVDid:CVE-2026-3227date:2026-03-16T14:19:47.257