HIGH🇬🇧 English

CVE-2026-11409

CVSS 8.5v4.0pub. 2026-06-17upd. 2026-06-18

An authenticated OS command injection vulnerability exists in the IPv6 PPPoE configuration handler in TL-WR940N v6 due to improper sanitization of user input. An attacker with administrative access may exploit this issue to execute arbitrary system commands with elevated privileges.

oryginał EN
CVSS Vector
CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  • Tp Link Tl Wr940n

    HW
    Tp-Link
    v6
  • Tp Link Tl Wr940n Firmware

    OS
    Tp-Link
    < 260528
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
Command Injection
CWE
Referencje

Powiązane podatności

CVE-2023-36355CRITICAL9.9ten sam produkt

TP-Link TL-WR940N V4 was discovered to contain a buffer overflow via the ipStart parameter at /userRpm/WanDyna...

CVE-2023-33538HIGH8.8⚠ KEVten sam produkt

TP-Link TL-WR940N V2/V4, TL-WR841N V8/V10, and TL-WR740N V1/V2 was discovered to contain a command injection v...

CVE-2026-11410HIGH8.5ten sam produkt

An authenticated OS command injection vulnerability exists in the BigPond Cable (BPA) WAN configuration module...

CVE-2025-6151HIGH8.2ten sam produkt

A vulnerability has been found in TP-Link TL-WR940N V4 and TL-WR841N V11. Affected by this issue is some unkn...

CVE-2024-54887HIGH8.0ten sam produkt

TP-Link TL-WR940N V3 and V4 with firmware 3.16.9 and earlier contain a buffer overflow via the dnsserver1 and ...