CVE-2026-3227

A command injection vulnerability was identified in TP-Link TL-WR802N v4, TL-WR841N v14, and TL-WR840N v6 due to improper neutralization of special elements used in an OS command. In the router configuration import function allows an authenticated attacker to upload a crafted configuration file...

CVE-2026-3227 Authenticated Command Injection on TP-Link TL-WR802N, TL-WR841N and TL-WR840N

A command injection vulnerability was identified in TP-Link TL-WR802N v4, TL-WR841N v14, and TL-WR840N v6 due to improper neutralization of special elements used in an OS command. In the router configuration import function allows an authenticated attacker to upload a crafted configuration file...

CVE-2026-3227

Technical details beyond the brief description are not provided in the supplied documents. Monitor for updates on affected devices and firmware.

CVE-2022-26641

TP-LINK TL-WR840NESV6.20 was discovered to contain a buffer overflow via the httpRemotePort parameter...

CVE-2022-26642

TP-LINK TL-WR840NESV6.20 was discovered to contain a buffer overflow via the XTPClonedMACAddress parameter...

CVE-2019-12195

TP-Link TL-WR840N v5 00000005 devices allow XSS via the network name. The attacker must log into the router by breaking the password and going to the admin login page by THC-HYDRA to get the network name. With an XSS payload, the network name changed automatically and the internet connection was...

VulnCheck KEV: CVE-2018-11714

An issue was discovered on TP-Link TL-WR840N v5 00000005 0.9.1 3.16 v0001.0 Build 170608 Rel.58696n and TL-WR841N v13 00000013 0.9.1 4.16 v0001.0 Build 170622 Rel.64334n devices. This issue is caused by improper session handling on the /cgi/ folder or a /cgi file. If an attacker sends a header of...

EUVD-2019-3843

Malware in sbrugna...

EUVD-2022-31193

Malicious code in bioql PyPI...

EUVD-2022-31194

Malicious code in bioql PyPI...

EUVD-2022-33741

Malicious code in bioql PyPI...

EUVD-2021-32822

Malicious code in bioql PyPI...

CVE-2022-29402

TP-Link TL-WR840N EU v6.20 was discovered to contain insecure protections for its UART console. This vulnerability allows attackers to connect to the UART port via a serial connection and execute commands as the root user without authentication...

CVE-2022-26640

TP-LINK TL-WR840NESV6.20 was discovered to contain a buffer overflow via the minAddress parameter...

CVE-2022-25060

TP-LINK TL-WR840NESV6.20180709 was discovered to contain a command injection vulnerability via the component oalstartPing...

CVE-2022-25061

TP-LINK TL-WR840NESV6.20180709 was discovered to contain a command injection vulnerability via the component oalsetIp6DefaultRoute...

CVE-2022-25062

TP-LINK TL-WR840NESV6.20180709 was discovered to contain an integer overflow via the function dmcheckString. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted HTTP request...

CVE-2021-46122

Tp-Link TL-WR840N EU v6.20 Firmware 0.9.1 4.17 v0001.0 Build 201124 Rel.64328n is vulnerable to Buffer Overflow via the Password reset feature...

CVE-2021-41653

The PING function on the TP-Link TL-WR840N EU v5 router with firmware through TL-WR840NEUV5171211 is vulnerable to remote code execution via a crafted payload in an IP address input field...

CVE-2020-36178

oaliptaddBridgeIsolationRules on TP-Link TL-WR840N 6EU0.9.14.16 devices allows OS command injection because a raw string entered from the web interface an IP address field is used directly for a call to the system library function for iptables. NOTE: oaliptaddBridgeIsolationRules is not the only...