EIP-2026-102073

PRE-CVE

TP-Link TL-WR740N v4 Router (FW-Ver. 3.16.6 Build 130529 Rel.47286n) - Command Execution

Title source: legacy
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-102073. PoCs published by Christoph Kuhl.

AI-analyzed exploit summary This exploit leverages command injection in TP-Link TL-WR740N v4's Parental/Access Control features via poorly sanitized input in the `parent.sh` or `accessCtrl.sh` scripts. It bypasses the 28-byte payload limit by fetching a larger script via TFTP, enabling RCE as root.

Description

TP-Link TL-WR740N v4 Router (FW-Ver. 3.16.6 Build 130529 Rel.47286n) - Command Execution

Exploits (1)

exploitdb WORKING POC
by Christoph Kuhl · textwebappshardware
https://www.exploit-db.com/exploits/34254

This exploit leverages command injection in TP-Link TL-WR740N v4's Parental/Access Control features via poorly sanitized input in the `parent.sh` or `accessCtrl.sh` scripts. It bypasses the 28-byte payload limit by fetching a larger script via TFTP, enabling RCE as root.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: TP-Link TL-WR740N v4 (FW-Ver. 3.16.6 Build 130529 Rel.47286n)
Auth required
Prerequisites: Authenticated access to the router's web interface · TFTP server hosting the payload script · Network connectivity to the target
devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve
Tracked Since Feb 18, 2026