TP-Link TL-MR6400 Command Injection Vulnerability in Telnet CLI

Vulnerability

A command injection vulnerability exists in the Telnet command-line interface of the TP-Link TL-MR6400 router, specifically in TL-MR6400 V5.3 with firmware prior to 1.9.0 Build 260108. The vulnerability arises from inadequate sanitization of data during certain CLI operations, allowing an authenticated attacker with elevated privileges to execute arbitrary system commands. Exploitation of this vulnerability could lead to a complete compromise of the device.

Impact

Exploitation of this vulnerability could result in full device compromise, allowing unauthorized execution of system commands and potentially leading to a loss of confidentiality, integrity, and availability.

Remediation

Users are advised to upgrade to the latest firmware version available on the TP-Link official website for their region. The TL-MR6400 V5.3 firmware version 1.9.0 Build 260108 is the latest version that addresses this vulnerability.
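
One way to triage a device inventory against the fixed release named above, as an added example that is not TP-Link's code or part of the original advisory. It assumes firmware strings begin with a dotted version followed later by "Build" and six digits; the hostnames and inventory rows are constructed.

```python
import re

# Fixed release named in the advisory: TL-MR6400 V5.3, firmware 1.9.0 Build 260108.
AFFECTED_MODEL = "TL-MR6400"
AFFECTED_REV = "5.3"
FIXED = ((1, 9, 0), 260108)

# Assumed string shape: dotted version first, "Build <6 digits>" somewhere after it.
_FW_RE = re.compile(r"^\s*(\d+)\.(\d+)\.(\d+)\b.*?\bBuild\s+(\d{6})\b", re.I)

def parse_firmware(fw):
    """Return ((major, minor, patch), build) or None if the string does not parse."""
    m = _FW_RE.match(fw or "")
    if not m:
        return None
    return (tuple(int(x) for x in m.group(1, 2, 3)), int(m.group(4)))

def triage(model, rev, fw):
    """Classify one inventory row: 'out-of-scope', 'vulnerable', 'fixed' or 'unknown'."""
    if model.strip().upper() != AFFECTED_MODEL or rev.strip().lstrip("vV") != AFFECTED_REV:
        return "out-of-scope"  # the advisory speaks only about TL-MR6400 V5.3
    parsed = parse_firmware(fw)
    if parsed is None:
        return "unknown"       # unreadable version: flag for manual review, never assume patched
    return "fixed" if parsed >= FIXED else "vulnerable"

# Constructed sample inventory (hostnames and version strings are made up).
INVENTORY = [
    ("site-a-lte", "TL-MR6400", "V5.3", "1.8.0 Build 250611"),
    ("site-b-lte", "TL-MR6400", "V5.3", "1.9.0 Build 260108"),
    ("site-c-lte", "TL-MR6400", "v5.3", "1.9.0 Build 251201"),  # same version, older build
    ("site-d-lte", "TL-MR6400", "V5.3", ""),
    ("site-e-lte", "TL-MR6400", "V4", "1.0.0 Build 200101"),
]

def report(rows=INVENTORY):
    """Map each hostname to its triage status."""
    return {host: triage(model, rev, fw) for host, model, rev, fw in rows}

if __name__ == "__main__":
    for host, status in report().items():
        print(f"{host:12} {status}")
```

Rows reported as "unknown" or "out-of-scope" are not cleared by this check; they only fall outside what the advisory's version statement can decide.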

Added: Mar 12, 2026, 6:19 PM
Updated: Mar 12, 2026, 6:19 PM

Vulnerability Rating

Custom Algorithm

spread: 4.5
impact: 7.5
exploitability: 4.4
remediation: 7.7
relevance: 3.8
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.