CVE-2026-11410
HighCVSS 7.2Exploitation Probability (EPSS)
High risk85th percentile — higher than 85% of all known CVEs
Summary
An authenticated OS command injection vulnerability exists in the BigPond Cable (BPA) WAN configuration module in TL-WR940N v6 due to improper sanitization of user input. An attacker with administrative access may exploit this issue to execute arbitrary system commands with elevated privileges.
Risk Assessment
This vulnerability could allow unauthorized users to gain control over the system, posing a significant security threat to the organization.
Recommendation
It is recommended to update the firmware to the latest version and implement additional security measures to restrict administrative access to trusted users.
Original NVD description (English source)
An authenticated OS command injection vulnerability exists in the BigPond Cable (BPA) WAN configuration module in TL-WR940N v6 due to improper sanitization of user input. An attacker with administrative access may exploit this issue to execute arbitrary system commands with elevated privileges.

