Description
A security flaw has been discovered in Tenda AC6 15.03.06.49_multi_TDE01. Affected is the function fromSetWirelessRepeat of the file /goform/WifiExtraSet of the component httpd. Performing a manipulation of the argument mac/ssid results in os command injection. It is possible to initiate the attack remotely. The exploit has been released to the public and may be used for attacks.
Published: 2026-05-11
Score: 5.1 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A flaw in the Tenda AC6 firmware 15.03.06.49_multi_TDE01 allows an attacker to manipulate the mac or ssid parameters of the /goform/WifiExtraSet endpoint, resulting in OS command injection. The handling of these parameters can also lead to a buffer overflow (CWE-787), potentially enabling memory corruption and increasing the impact. Exploiting this weakness lets an attacker execute arbitrary commands on the device, potentially providing full control over the router. The weakness falls under CWE-77, CWE-78, and CWE-787, indicating that unsanitized command-line arguments are passed to the operating system and that buffer misuse could occur.

Affected Systems

The affected product is the Tenda AC6 Wi‑Fi router running firmware version 15.03.06.49_multi_TDE01. No other vendors or products are listed in the CVE data.

Risk and Exploitability

The CVSS score of 5.1 classifies the issue as medium severity. The EPSS score of 0.00561 indicates a very low but non-zero exploitation probability, and the vulnerability is not listed in CISA's KEV catalog. The vulnerability is exploitable remotely via the web interface, and an exploit has already been publicly released, increasing the likelihood that resourceful adversaries may target vulnerable devices. The presence of a buffer overflow (CWE-787) may allow attackers to achieve higher privileges or crash the device.

Generated by OpenCVE AI on May 12, 2026 at 21:59 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Obtain and install the latest Tenda AC6 firmware from the manufacturer’s website, which includes the patch for the command injection and buffer overflow bug.
  • If an update is not possible, block or restrict access to the /goform/WifiExtraSet endpoint through network segmentation or firewall rules so that only trusted internal hosts can reach it.
  • Apply input‑validation and sanitization on the mac and ssid parameters, or re‑configure the device to disable remote management features that expose the vulnerable endpoint.

Advisories

No advisories yet.

History

Tue, 12 May 2026 19:45:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared | | Tenda ac10u; Tenda ac10u Firmware |
| Weaknesses | | CWE-787 |
| CPEs | | cpe:2.3:h:tenda:ac10u:1.0:*:*:*:*:*:*:*; cpe:2.3:o:tenda:ac10u_firmware:15.03.06.49_multi_tde01:*:*:*:*:*:*:* |
| Vendors & Products | | Tenda ac10u; Tenda ac10u Firmware |

Mon, 11 May 2026 18:30:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Metrics | | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'} |

Mon, 11 May 2026 04:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared | | Tenda ac6 |
| Vendors & Products | | Tenda ac6 |

Mon, 11 May 2026 02:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | A security flaw has been discovered in Tenda AC6 15.03.06.49_multi_TDE01. Affected is the function fromSetWirelessRepeat of the file /goform/WifiExtraSet of the component httpd. Performing a manipulation of the argument mac/ssid results in os command injection. It is possible to initiate the attack remotely. The exploit has been released to the public and may be used for attacks. |
| Title | | Tenda AC6 httpd WifiExtraSet fromSetWirelessRepeat os command injection |
| First Time appeared | | Tenda; Tenda ac6 Firmware |
| Weaknesses | | CWE-77; CWE-78 |
| CPEs | | cpe:2.3:o:tenda:ac6_firmware:*:*:*:*:*:*:*:* |
| Vendors & Products | | Tenda; Tenda ac6 Firmware |
| References | | |
| Metrics | | cvssV2_0: {'score': 5.8, 'vector': 'AV:N/AC:L/Au:M/C:P/I:P/A:P/E:POC/RL:ND/RC:UR'} |
| | | cvssV3_0: {'score': 4.7, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'} |
| | | cvssV3_1: {'score': 4.7, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'} |
| | | cvssV4_0: {'score': 5.1, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'} |

MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-05-11T17:31:16.800Z

Reserved: 2026-05-10T15:35:34.814Z

Link: CVE-2026-8263

Vulnrichment

Updated: 2026-05-11T15:56:56.150Z

NVD

Status: Analyzed

Published: 2026-05-11T02:16:28.120

Modified: 2026-05-12T19:41:18.873

Link: CVE-2026-8263

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-12T22:00:22Z

Weaknesses