Skip to main content

Tl Wr940N V6

2 CVEs product

Monthly

CVE-2026-11409 HIGH PATCH This Week

Authenticated OS command injection in the TP-Link TL-WR940N v6 router's IPv6 PPPoE configuration handler allows administrators to break out of the configuration parser and execute arbitrary shell commands with elevated (typically root) privileges on the device. The flaw was reported by TP-Link itself and a firmware fix is available; no public exploit identified at time of analysis. Risk is bounded by the CVSS 4.0 vector requiring adjacent-network access and high privileges (AV:A/PR:H), but post-exploitation impact on confidentiality, integrity, and availability is rated High.

Command Injection Tl Wr940N V6
NVD
CVSS 4.0
8.5
EPSS
1.3%
CVE-2026-11410 HIGH PATCH This Week

Authenticated OS command injection in the TP-Link TL-WR940N v6 router's BigPond Cable (BPA) WAN configuration module allows administrators to execute arbitrary system commands with elevated privileges on the device. The flaw stems from improper sanitization of user-supplied input in the WAN setup path and affects firmware versions prior to V6_260528. No public exploit has been identified at time of analysis, and the issue is not listed in CISA KEV.

Command Injection Tl Wr940N V6
NVD
CVSS 4.0
8.5
EPSS
1.3%
EPSS 1% CVSS 8.5
HIGH PATCH This Week

Authenticated OS command injection in the TP-Link TL-WR940N v6 router's IPv6 PPPoE configuration handler allows administrators to break out of the configuration parser and execute arbitrary shell commands with elevated (typically root) privileges on the device. The flaw was reported by TP-Link itself and a firmware fix is available; no public exploit identified at time of analysis. Risk is bounded by the CVSS 4.0 vector requiring adjacent-network access and high privileges (AV:A/PR:H), but post-exploitation impact on confidentiality, integrity, and availability is rated High.

Command Injection Tl Wr940N V6
NVD
EPSS 1% CVSS 8.5
HIGH PATCH This Week

Authenticated OS command injection in the TP-Link TL-WR940N v6 router's BigPond Cable (BPA) WAN configuration module allows administrators to execute arbitrary system commands with elevated privileges on the device. The flaw stems from improper sanitization of user-supplied input in the WAN setup path and affects firmware versions prior to V6_260528. No public exploit has been identified at time of analysis, and the issue is not listed in CISA KEV.

Command Injection Tl Wr940N V6
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy