Vulnerability Details CVE-2026-11410
An authenticated OS command injection vulnerability exists in the BigPond Cable (BPA) WAN configuration module in TL-WR940N v6 due to improper sanitization of user input. An attacker with administrative access may exploit this issue to execute arbitrary system commands with elevated privileges.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.028
EPSS Ranking 84.5%
CVSS Severity
CVSS v3 Score 7.2
References
Products affected by CVE-2026-11410
-
cpe:2.3:h:tp-link:tl-wr940n:-
-
cpe:2.3:o:tp-link:tl-wr940n_firmware:-
-
cpe:2.3:o:tp-link:tl-wr940n_firmware:211111
-
cpe:2.3:o:tp-link:tl-wr940n_firmware:3.16.9
-
cpe:2.3:o:tp-link:tl-wr940n_firmware:3.20.1
-
cpe:2.3:o:tp-link:tl-wr940n_firmware:6_211111_3.20.1
-
cpe:2.3:o:tp-link:tl-wr940n_firmware:6_3.19.1