Do4Choo

**Name of the Vulnerable Software and Affected Versions** TP-Link TL-WR802N version 4 TP-Link TL-WR841N version 14 TP-Link TL-WR840N version 6 **Description** A command injection issue exists due to improper handling of special characters within OS commands. The issue is present in the router configuration import function, allowing an authenticated attacker to upload a specially crafted configuration file. This results in the execution of OS commands with root privileges during port-trigger processing. Successful exploitation allows an authenticated attacker to execute system commands with root privileges, leading to full device compromise. **Recommendations** TP-Link TL-WR802N version 4: At the moment, there is no information about a newer version that contains a fix for this vulnerability. TP-Link TL-WR841N version 14: At the moment, there is no information about a newer version that contains a fix for this vulnerability. TP-Link TL-WR840N version 6: At the moment, there is no information about a newer version that contains a fix for this vulnerability.