CVE-2026-8263
EUVD-2026-2901911.05.2026, 02:16
A security flaw has been discovered in Tenda AC6 15.03.06.49_multi_TDE01. Affected is the function fromSetWirelessRepeat of the file /goform/WifiExtraSet of the component httpd. Performing a manipulation of the argument mac/ssid results in os command injection. It is possible to initiate the attack remotely. The exploit has been released to the public and may be used for attacks.
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| tenda | ac10u_firmware | 15.03.06.49_multi_tde01:_multi_tde01 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')The software constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.
- CWE-787 - Out-of-bounds WriteThe software writes data past the end, or before the beginning, of the intended buffer.