RCE in Tp-link Systems Inc. Tl-mr6400 V5.3
CVE-2026-3841
A command injection vulnerability has been identified in the Telnet command-line interface (CLI) of TP-Link TL-MR6400 v5.3. This issue is caused by insufficient sanitization of data processed during specific CLI operations. An authentica…
Vulnerability class: Command Injection (OS Command Injection)
EPSS: 0.007 (73.2th percentile) — read the EPSS interpretation.
Affected products
- Tp-link Systems Inc. Tl-mr6400 V5.3 — versions 0
Weakness classification (CWE)
References
- www.tp-link.com/en/support/download/tl-mr6400/v5.30/ (patch)
- www.tp-link.com/us/support/faq/5016/ (vendor-advisory)