Description
A security flaw has been discovered in Tenda AC6 15.03.06.49_multi_TDE01. Affected is the function fromSetWirelessRepeat of the file /goform/WifiExtraSet of the component httpd. Performing a manipulation of the argument mac/ssid results in os command injection. It is possible to initiate the attack remotely. The exploit has been released to the public and may be used for attacks.
Published: 2026-05-11
Score: 5.1 Medium
EPSS: 4.6% Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A flaw in the Tenda AC6 firmware 15.03.06.49_multi_TDE01 allows an attacker to manipulate the mac or ssid parameters of the /goform/WifiExtraSet endpoint, resulting in OS command injection. The attack can be performed remotely, and public exploits have been released, enabling arbitrary command execution on the device. The vulnerability maps to CWE-77 and CWE-78, which indicate unsanitized command-line arguments; the CVE details do not describe a buffer overflow.

Affected Systems

The affected product is the Tenda AC6 Wi‑Fi router running firmware version 15.03.06.49_multi_TDE01. No other vendors or products are listed in the CVE data.

Risk and Exploitability

The CVSS score of 5.1 classifies the issue as medium severity. An EPSS score of 5% indicates a moderate exploitation probability, and the vulnerability is not listed in CISA’s KEV catalog. The vulnerability is exploitable remotely via the web interface, and an exploit has already been publicly released, increasing the likelihood that resourceful adversaries will target vulnerable devices. The vulnerability does not appear to involve memory corruption or a buffer overflow, but attackers can execute arbitrary OS commands via the mac and ssid parameters.

Generated by OpenCVE AI on June 18, 2026 at 08:16 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Obtain and install the latest Tenda AC6 firmware from the manufacturer’s website, which includes the patch for the command injection bug.
  • If an update is not possible, block or restrict access to the /goform/WifiExtraSet endpoint through network segmentation or firewall rules so that only trusted internal hosts can reach it.
  • Apply input‑validation and sanitization on the mac and ssid parameters, or re‑configure the device to disable remote management features that expose the vulnerable endpoint.

Advisories

No advisories yet.

History

Tue, 12 May 2026 19:45:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Tenda ac10u; Tenda ac10u Firmware
Weaknesses | | CWE-787
CPEs | | cpe:2.3:h:tenda:ac10u:1.0:*:*:*:*:*:*:*; cpe:2.3:o:tenda:ac10u_firmware:15.03.06.49_multi_tde01:*:*:*:*:*:*:*
Vendors & Products | | Tenda ac10u; Tenda ac10u Firmware

Mon, 11 May 2026 18:30:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc {'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 11 May 2026 04:15:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Tenda ac6
Vendors & Products | | Tenda ac6

Mon, 11 May 2026 02:15:00 +0000

Type | Values Removed | Values Added
Description | | A security flaw has been discovered in Tenda AC6 15.03.06.49_multi_TDE01. Affected is the function fromSetWirelessRepeat of the file /goform/WifiExtraSet of the component httpd. Performing a manipulation of the argument mac/ssid results in os command injection. It is possible to initiate the attack remotely. The exploit has been released to the public and may be used for attacks.
Title | | Tenda AC6 httpd WifiExtraSet fromSetWirelessRepeat os command injection
First Time appeared | | Tenda; Tenda ac6 Firmware
Weaknesses | | CWE-77; CWE-78
CPEs | | cpe:2.3:o:tenda:ac6_firmware:*:*:*:*:*:*:*:*
Vendors & Products | | Tenda; Tenda ac6 Firmware
References | |
Metrics | | cvssV2_0 {'score': 5.8, 'vector': 'AV:N/AC:L/Au:M/C:P/I:P/A:P/E:POC/RL:ND/RC:UR'}
Metrics | | cvssV3_0 {'score': 4.7, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}
Metrics | | cvssV3_1 {'score': 4.7, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}
Metrics | | cvssV4_0 {'score': 5.1, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-05-11T17:31:16.800Z

Reserved: 2026-05-10T15:35:34.814Z

Link: CVE-2026-8263

Vulnrichment

Updated: 2026-05-11T15:56:56.150Z

NVD

Status: Analyzed

Published: 2026-05-11T02:16:28.120

Modified: 2026-06-17T11:03:45.073

Link: CVE-2026-8263

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-18T08:30:04Z

Weaknesses
  • CWE-77

    Improper Neutralization of Special Elements used in a Command ('Command Injection')

  • CWE-78

    Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

  • CWE-787

    Out-of-bounds Write