CVE Catalog

CVE-2026-11409

HighCVSS 7.2
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

High risk
2.79%

85th percentile — higher than 85% of all known CVEs

Summary

An authenticated OS command injection vulnerability exists in the IPv6 PPPoE configuration handler in TL-WR940N v6 due to improper sanitization of user input. An attacker with administrative access may exploit this issue to execute arbitrary system commands with elevated privileges.

Risk Assessment

This vulnerability poses a serious security risk, allowing an attacker to gain control over the device and perform unauthorized actions.

Recommendation

It is recommended to update the device firmware to the latest version that addresses this vulnerability and to restrict administrative access to trusted users.

Original NVD description (English source)

An authenticated OS command injection vulnerability exists in the IPv6 PPPoE configuration handler in TL-WR940N v6 due to improper sanitization of user input. An attacker with administrative access may exploit this issue to execute arbitrary system commands with elevated privileges.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS