OS Command Injection in IPv6 PPPoE Configuration in TP-Link TL-WR940N
Description
Authenticated OS command injection in TL-WR940N v6 IPv6 PPPoE handler allows arbitrary command execution with elevated privileges.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
An authenticated OS command injection vulnerability exists in the IPv6 PPPoE configuration handler of the TP-Link TL-WR940N v6 router. The issue stems from improper sanitization of user-supplied input, which is incorporated into system command execution. The vulnerability affects all firmware versions prior to V6_260528 [3].
Exploitation
An attacker must possess administrative access to the web management interface. No additional privileges or user interaction beyond authentication are required. By crafting malicious input in the IPv6 PPPoE configuration fields, the attacker can inject arbitrary system commands that are executed by the device [3].
Impact
Successful exploitation allows execution of arbitrary system commands with elevated privileges. This can lead to disclosure of sensitive information (confidentiality), modification of system configuration (integrity), and disruption of device availability. The CVSS v4.0 score is 8.5 (High) with associated vector AV:A/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N [3].
Mitigation
Fixed firmware version V6_260528 is available [1][2][3]. TP-Link recommends upgrading to this version to remediate the vulnerability. Since the TL-WR940N v6 has reached end-of-life (EOL), users are also advised to consider upgrading to a supported device model for ongoing security updates [3].
AI Insight generated on Jun 17, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: v6
Patches
No patches discovered yet.
Vulnerability mechanics
No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.
References
- www.tp-link.com/en/support/download/tl-wr940n/v6/ (mitre, patch)
- www.tp-link.com/us/support/download/tl-wr940n/v6/ (mitre, patch)
- www.tp-link.com/us/support/faq/5131/ (mitre, vendor-advisory)