CVE-2026-11410

An authenticated OS command injection vulnerability exists in the BigPond Cable BPA WAN configuration module in TL-WR940N v6 due to improper sanitization of user input. An attacker with administrative access may exploit this issue to execute arbitrary system commands with elevated privileges...

CVE-2026-11409

An authenticated OS command injection vulnerability exists in the IPv6 PPPoE configuration handler in TL-WR940N v6 due to improper sanitization of user input. An attacker with administrative access may exploit this issue to execute arbitrary system commands with elevated privileges...

CVE-2026-11409 OS Command Injection in IPv6 PPPoE Configuration in TP-Link TL-WR940N

An authenticated OS command injection vulnerability exists in the IPv6 PPPoE configuration handler in TL-WR940N v6 due to improper sanitization of user input. An attacker with administrative access may exploit this issue to execute arbitrary system commands with elevated privileges...

CVE-2026-11410 OS Command Injection in BigPond Cable (BPA) Configuration in TP-Link TL-WR940N

An authenticated OS command injection vulnerability exists in the BigPond Cable BPA WAN configuration module in TL-WR940N v6 due to improper sanitization of user input. An attacker with administrative access may exploit this issue to execute arbitrary system commands with elevated privileges...

CVE-2026-11410

The CVE-2026-11410 entry concerns TL-WR940N v6 (BigPond Cable BPA WAN config) with an authenticated OS command injection caused by improper input sanitization in the configuration module. An administrator can trigger arbitrary command execution with elevated privileges on the device via the BPA W...

PT-2026-50084

Name of the Vulnerable Software and Affected Versions TL-WR940N version v6 Description An authenticated OS command injection exists in the BigPond Cable BPA WAN configuration module due to improper sanitization of user input. An attacker with administrative access can exploit this flaw to execute...

CVE-2025-11676

Improper input validation vulnerability in TP-Link System Inc. TL-WR940N V6 UPnP modules, which allows unauthenticated adjacent attackers to perform DoS attack. This issue affects TL-WR940N V6 = Build 220801...

CVE-2025-11676 UPnP DOS in TL-WR940N V6

Improper input validation vulnerability in TP-Link System Inc. TL-WR940N V6 UPnP modules, which allows unauthenticated adjacent attackers to perform DoS attack. This issue affects TL-WR940N V6 = Build 220801...

CVE-2025-11676 UPnP DOS in TL-WR940N V6

Improper input validation vulnerability in TP-Link System Inc. TL-WR940N V6 UPnP modules, which allows unauthenticated adjacent attackers to perform DoS attack. This issue affects TL-WR940N V6 = Build 220801...

CVE-2025-11676

CVE-2025-11676 affects TP-Link TL-WR940N V6 (UPnP modules). The issue is an improper input validation vulnerability that allows unauthenticated adjacent attackers to cause a denial-of-service, affecting TL-WR940N V6

PT-2025-47559

Improper input validation vulnerability in TP-Link System Inc. TL-WR940N V6 UPnP modules, which allows unauthenticated adjacent attackers to perform DoS attack. This issue affects TL-WR940N V6 = Build 220801...

EUVD-2022-48977

Malicious code in bioql PyPI...

Exploit for Command Injection in Tp-Link Tl-Wr940N_Firmware

CVE-2023-33538 – TP-Link TL-WR940N/841N Command Injection Met...

CVE-2025-6151

A vulnerability has been found in TP-Link TL-WR940N V4 and TL-WR841N V11. Affected by this issue is some unknown functionality of the file /userRpm/WanSlaacCfgRpm.htm, which may lead to buffer overflow. The attack may be launched remotely. This vulnerability only affects products that are no long...

CVE-2025-6151

CVE-2025-6151 affects TP-Link TL-WR940N V4 and TL-WR841N V11. The root cause is a buffer overflow in the /userRpm/WanSlaacCfgRpm.htm functionality triggered by manipulating the dnsserver1 parameter. This can be exploited remotely over the network, and the affected devices are no longer supported ...

VulnCheck KEV: CVE-2023-33538

TP-Link TL-WR940N V2/V4, TL-WR841N V8/V10, and TL-WR740N V1/V2 contain a command injection vulnerability via the component /userRpm/WlanNetworkRpm. The impacted products could be end-of-life EoL and/or end-of-service EoS. Users should discontinue product utilization...

PT-2025-25605 · Tp Link · Tp-Link Tl-Wr940N

Name of the Vulnerable Software and Affected Versions: TP-Link TL-WR940N version V4 Description: A critical vulnerability has been found in the TP-Link TL-WR940N V4, affecting some unknown functionality of the file /userRpm/WanSlaacCfgRpm.htm. The manipulation of the argument dnsserver1 leads to...

CVE-2023-23040

TP-Link router TL-WR940N V6 3.19.1 Build 180119 uses a deprecated MD5 algorithm to hash the admin password used for basic authentication...

CVE-2022-46139

TP-Link TL-WR940N V4 3.16.9 and earlier allows authenticated attackers to cause a Denial of Service DoS via uploading a crafted firmware image during the firmware update process...

CVE-2019-6989

TP-Link TL-WR940N is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by the ipAddrDispose function. By sending specially crafted ICMP echo request packets, a remote authenticated attacker could overflow a buffer and execute arbitrary code on the system with elevate...