CVE-2026-3227
CVSS v4.0 severity:
HIGH
Type:
CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Publication date:
16/03/2026
Last modified:
16/03/2026
Description
A command injection vulnerability was identified in TP-Link TL-WR802N v4, TL-WR841N v14, and TL-WR840N v6 due to improper neutralization of special elements used in an OS command. The router configuration import function allows an authenticated attacker to upload a crafted configuration file that results in execution of OS commands with root privileges during port-trigger processing.
Successful exploitation allows an authenticated attacker to execute system commands with root privileges, leading to full device compromise.
Impact
Base score 4.0
8.50
Severity 4.0
HIGH
References to solutions, tools and information
- https://www.tp-link.com/en/support/download/tl-wr802n/v4/#Firmware
- https://www.tp-link.com/en/support/download/tl-wr840n/v6/#Firmware
- https://www.tp-link.com/en/support/download/tl-wr841n/v14/#Firmware
- https://www.tp-link.com/us/support/download/tl-wr802n/v4/#Firmware
- https://www.tp-link.com/us/support/download/tl-wr841n/v14/#Firmware
- https://www.tp-link.com/us/support/faq/5018/



