8.5
CVE-2026-11409
- EPSS 2.79%
- Veröffentlicht 16.06.2026 21:03:47
- Zuletzt bearbeitet 16.06.2026 21:03:47
- Quelle f23511db-6c3e-4e32-a477-6aa17d
- CVE-Watchlists
- Unerledigt
OS Command Injection in IPv6 PPPoE Configuration in TP-Link TL-WR940N
An authenticated OS command injection vulnerability exists in the IPv6 PPPoE configuration handler in TL-WR940N v6 due to improper sanitization of user input. An attacker with administrative access may exploit this issue to execute arbitrary system commands with elevated privileges.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerTP-Link Systems Inc.
≫
Produkt
TL-WR940N v6
Default Statusunaffected
Version
0
Version <
V6_260528
Status
affected
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 2.79% | 0.845 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| f23511db-6c3e-4e32-a477-6aa17d310630 | 8.5 | 0 | 0 |
CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
|
https://www.tp-link.com/us/support/download/tl-wr940n/v6/#Firmware
https://www.tp-link.com/en/support/download/tl-wr940n/v6/#Firmware
https://www.tp-link.com/us/support/faq/5131/