Description
A weakness has been identified in Tenda AC6 15.03.06.23. Affected by this vulnerability is the function formWifiApScan of the file /goform/WifiApScan of the component httpd. Executing a manipulation of the argument wl2g.public.country/wl5g.public.country can lead to os command injection. It is possible to launch the attack remotely. The exploit has been made available to the public and could be used for attacks.
Published: 2026-05-11
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability resides in the formWifiApScan interface of Tenda AC6 firmware 15.03.06.23, where crafting specific values for the country parameters (wl2g.public.country or wl5g.public.country) allows an attacker to inject and execute arbitrary operating‑system commands. The attack is delivered via HTTP; based on the description, it is inferred that authentication is not required, enabling an attacker to run any shell command on the device without valid credentials.

Affected Systems

Affected systems include Tenda AC6 routers running firmware version 15.03.06.23. The vulnerability is specific to the formWifiApScan interface in the httpd component. All Tenda AC6 devices with this firmware are impacted unless upgraded.

Risk and Exploitability

The CVSS score of 5.3 indicates moderate severity, but the combination of a remote trigger and an available public exploit elevates the overall risk. Based on the description, it is inferred that authentication is not required. The EPSS score of <1% indicates that the likelihood of exploitation is low, but the vulnerability remains within the scope of potential attacks. Because the router’s web interface is often reachable from external networks, a threat actor can target it with minimal effort, potentially leading to full device compromise. The lack of a CISA KEV listing does not diminish the threat, as the flaw remains runnable by anyone who can reach the router.

Generated by OpenCVE AI on May 12, 2026 at 14:54 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the router firmware to the latest version that removes the vulnerable formWifiApScan endpoint.
  • Restrict external access to the router’s web interface, limiting it to trusted LAN hosts with firewall or ACL rules.
  • If a firmware upgrade is not immediately possible, block or filter requests to the /goform/WifiApScan path or to the country parameters via the router’s built‑in firewall or a local firewall appliance.
  • Monitor the device’s administrative logs for anomalous requests to /goform/WifiApScan and apply a web‑application firewall rule to reject malformed country parameters.

Generated by OpenCVE AI on May 12, 2026 at 14:54 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 11 May 2026 17:15:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:h:tenda:ac6:2.0:*:*:*:*:*:*:*
cpe:2.3:o:tenda:ac6_firmware:15.03.06.23:*:*:*:*:*:*:*

Mon, 11 May 2026 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 11 May 2026 04:45:00 +0000

Type Values Removed Values Added
First Time appeared Tenda ac6
Vendors & Products Tenda ac6

Mon, 11 May 2026 03:30:00 +0000

Type Values Removed Values Added
Description A weakness has been identified in Tenda AC6 15.03.06.23. Affected by this vulnerability is the function formWifiApScan of the file /goform/WifiApScan of the component httpd. Executing a manipulation of the argument wl2g.public.country/wl5g.public.country can lead to os command injection. It is possible to launch the attack remotely. The exploit has been made available to the public and could be used for attacks.
Title Tenda AC6 httpd WifiApScan formWifiApScan os command injection
First Time appeared Tenda
Tenda ac6 Firmware
Weaknesses CWE-77
CWE-78
CPEs cpe:2.3:o:tenda:ac6_firmware:*:*:*:*:*:*:*:*
Vendors & Products Tenda
Tenda ac6 Firmware
References
Metrics cvssV2_0

{'score': 6.5, 'vector': 'AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR'}

cvssV3_0

{'score': 6.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}

cvssV3_1

{'score': 6.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}

cvssV4_0

{'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}

Subscriptions

Tenda Ac6 Ac6 Firmware
cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-05-11T12:47:59.722Z

Reserved: 2026-05-10T15:35:39.391Z

Link: CVE-2026-8264

cve-icon Vulnrichment

Updated: 2026-05-11T12:47:55.929Z

cve-icon NVD

Status : Analyzed

Published: 2026-05-11T04:16:17.023

Modified: 2026-05-11T17:04:06.110

Link: CVE-2026-8264

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-12T15:00:16Z

Weaknesses