PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-11409 TP-Link Systems Inc. CVE debrief

CVE-2026-11409 is an authenticated OS command injection vulnerability in the IPv6 PPPoE configuration handler of TL-WR940N v6. Attackers with administrative access can exploit this issue to execute arbitrary system commands with elevated privileges. The vulnerability has a CVSS score of 8.5 and is classified as HIGH severity. The CVE was published on 2026-06-17 and modified on 2026-06-18. The vendor is listed as Unknown Vendor, but evidence suggests the product is from TP-Link.

Vendor: TP-Link Systems Inc.
Product: TL-WR940N v6
CVSS: HIGH 8.5
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-06-17
Original CVE updated: 2026-06-18
Advisory published: 2026-06-17
Advisory updated: 2026-06-18

Who should care

Administrators and security teams responsible for managing and securing TL-WR940N v6 devices should be aware of this vulnerability. Additionally, individuals with administrative access to these devices should take immediate action to mitigate the risk.

Technical summary

The vulnerability exists in the IPv6 PPPoE configuration handler of TL-WR940N v6 due to improper sanitization of user input. An attacker with administrative access can exploit this issue to execute arbitrary system commands with elevated privileges. The CVSS vector is CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X.

Defensive priority

High

Recommended defensive actions

  • Update to the latest firmware version as soon as available
  • Restrict administrative access to the device
  • Implement additional security measures such as monitoring and logging
  • Conduct regular security audits and vulnerability assessments
  • Consider replacing the device if it is no longer supported by the vendor

Evidence notes

The CVE record and NVD detail provide information on the vulnerability. The vendor is listed as Unknown Vendor, but evidence suggests the product is from TP-Link. The CVE was published on 2026-06-17 and modified on 2026-06-18.
