8.8
CVE-2026-3841
- EPSS 0.64%
- Veröffentlicht 12.03.2026 17:25:58
- Zuletzt bearbeitet 02.04.2026 13:03:46
- Quelle f23511db-6c3e-4e32-a477-6aa17d
- CVE-Watchlists
- Unerledigt
LoginCommand Injection Vulnerability in Telnet CLI on TP-Link TL-MR6400
A command injection vulnerability has been identified in the Telnet command-line interface (CLI) of TP-Link TL-MR6400 v5.3. This issue is caused by insufficient sanitization of data processed during specific CLI operations. An authenticated attacker with elevated privileges may be able to execute arbitrary system commands. Successful exploitation may lead to full device compromise, including potential loss of confidentiality, integrity, and availability.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Tp-link ≫ Tl-mr6400 Firmware Version < 1.9.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.64% | 0.706 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
| f23511db-6c3e-4e32-a477-6aa17d310630 | 8.5 | 0 | 0 |
CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
|
CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.