CVE-2026-38142
01.07.2026, 19:16
An unauthenticated command injection vulnerability in the /goform/fast_setting_internet_set endpoint of Tenda AC18 v15.03.05.05 allows attackers to execute arbitrary commands via a crafted payload injected into the mac parameter.
Awaiting analysis
This vulnerability is currently awaiting analysis.
References