Authenticated OS Command Injection in TP-Link TL-WR940N Router
CVE-2026-11410

8.5HIGH

Key Information:

Vendor

Tp-link Systems Inc.

Status
Tl-wr940n V6
Vendor
CVE Published:
16 June 2026

What is CVE-2026-11410?

An authenticated vulnerability exists in the WAN configuration module of the TP-Link TL-WR940N v6 router, stemming from insufficient user input sanitization. This issue allows an attacker with administrative access to exploit the vulnerability and execute arbitrary system commands with elevated privileges, potentially compromising the device's security and functionality.

Affected Version(s)

TL-WR940N v6 0

References

https://www.tp-link.com/en/support/download/tl-wr940n/v6/...
patch
https://www.tp-link.com/us/support/download/tl-wr940n/v6/...
patch
https://www.tp-link.com/us/support/faq/5131/
vendor-advisory

CVSS V4

Score:
8.5
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Adjacent Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Duong Ton Hoang Khang of Sacombank
.