Finding a RCE in my old TP-Link router
Summary
A security blogger documents discovering a remote code execution vulnerability in an older TP-Link TL-MR6400 router. The post details acquiring firmware from TP-Link's S3 bucket, extracting it, reverse engineering the CLI, and abusing an unsanitized workdir parameter to trigger a root shell via TFTP, with CVE-2026-3841 and a timeline of disclosure and patch. It emphasizes responsible disclosure and bug-bounty notes.