CVE Catalog

CVE-2026-11410

HighCVSS 7.2
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

High risk
2.79%

85th percentile — higher than 85% of all known CVEs

Summary

An authenticated OS command injection vulnerability exists in the BigPond Cable (BPA) WAN configuration module in TL-WR940N v6 due to improper sanitization of user input. An attacker with administrative access may exploit this issue to execute arbitrary system commands with elevated privileges.

Risk Assessment

This vulnerability could allow unauthorized users to gain control over the system, posing a significant security threat to the organization.

Recommendation

It is recommended to update the firmware to the latest version and implement additional security measures to restrict administrative access to trusted users.

Original NVD description (English source)

An authenticated OS command injection vulnerability exists in the BigPond Cable (BPA) WAN configuration module in TL-WR940N v6 due to improper sanitization of user input. An attacker with administrative access may exploit this issue to execute arbitrary system commands with elevated privileges.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS