CVE-2026-11409
Received - Intake
Authenticated OS Command Injection in TP-Link TL-WR940N v6

Publication date: 2026-06-17

Last updated on: 2026-06-17

Assigner: TPLink

Description
An authenticated OS command injection vulnerability exists in the IPv6 PPPoE configuration handler in TL-WR940N v6 due to improper sanitization of user input. An attacker with administrative access may exploit this issue to execute arbitrary system commands with elevated privileges.
Meta Information
Published: 2026-06-17
Last Modified: 2026-06-17
Generated: 2026-06-17
AI Q&A: 2026-06-17
EPSS Evaluated: N/A
Affected Vendors & Products
Vendor | Product | Version / Range
tp-link | tl-wr940n | 6
CWE ID | Description
CWE-78 | The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
Compliance Impact

This vulnerability allows attackers with authenticated access to execute arbitrary system commands with elevated privileges, potentially compromising the confidentiality, integrity, and availability of the device.

Such compromises can lead to unauthorized access or control over sensitive data or systems, which may impact compliance with standards and regulations like GDPR and HIPAA that require protection of personal and health information.

Failure to mitigate this vulnerability by applying firmware updates or restricting administrative access could increase the risk of data breaches or system compromise, thereby affecting regulatory compliance.

Executive Summary

This vulnerability is an authenticated OS command injection issue found in the IPv6 PPPoE configuration handler of the TP-Link TL-WR940N v6 router. It occurs because the device does not properly sanitize user input, allowing an attacker who has administrative access to the device's web management interface to execute arbitrary system commands with elevated privileges.

Impact Analysis

Exploiting this vulnerability can allow an attacker with administrative access to execute arbitrary commands on the device with elevated privileges. This can lead to a compromise of the device's confidentiality, integrity, and availability, potentially allowing the attacker to control the device, disrupt network services, or access sensitive information.

Mitigation Strategies

To mitigate this vulnerability, users should update the TP-Link TL-WR940N v6 device to the latest firmware version provided by TP-Link.

Additionally, administrative access should be restricted to trusted networks only.

If possible, upgrading to a supported model is recommended for ongoing protection.
