Description
A weakness has been identified in Tenda AC6 15.03.06.23. Affected by this vulnerability is the function formWifiApScan of the file /goform/WifiApScan of the component httpd. Executing a manipulation of the argument wl2g.public.country/wl5g.public.country can lead to os command injection. It is possible to launch the attack remotely. The exploit has been made available to the public and could be used for attacks.
Published: 2026-05-11
Score: 5.3 Medium
EPSS: 2.7% Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability resides in the formWifiApScan interface of Tenda AC6 firmware 15.03.06.23, where crafting specific values for the country parameters (wl2g.public.country or wl5g.public.country) allows an attacker to inject and execute arbitrary operating‑system commands. The flaw is a classic OS command injection (CWE-77 and CWE-78), giving a remote attacker the ability to run any shell command on the device. The exploit is delivered via HTTP, requiring only the ability to send a request to the router; authentication is not necessary. The CVSS score of 5.3 reflects moderate severity, but the public availability of an exploit and the lack of authentication make the risk high in environments where the router is exposed to untrusted networks. The vulnerability is not listed in the CISA KEV catalog, yet the remote nature and potential for full device compromise warrant urgent attention.

Affected Systems

Affected systems include Tenda AC6 routers running firmware version 15.03.06.23. The vulnerability is specific to the formWifiApScan interface in the httpd component. All Tenda AC6 devices with this firmware are impacted unless upgraded.

Risk and Exploitability

The CVSS score of 5.3 indicates moderate severity, but the combination of an unauthenticated remote trigger and an available public exploit elevates the overall risk. Because the router’s web interface is often reachable from external networks, a threat actor can target it with minimal effort, potentially leading to full device compromise. The lack of a CISA KEV listing does not diminish the threat, as the flaw remains exploitable by anyone who can reach the router. In environments where the device is exposed, the exploit is trivial to launch.

Generated by OpenCVE AI on May 11, 2026 at 04:51 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the router firmware to the latest version that removes the vulnerable formWifiApScan endpoint.
  • Restrict external access to the router’s web interface, limiting it to trusted LAN hosts with firewall or ACL rules.
  • If a firmware upgrade is not immediately possible, block or filter requests to the /goform/WifiApScan path or to the country parameters via the router’s built‑in firewall or a local firewall appliance.
  • Monitor the device’s administrative logs for anomalous requests to /goform/WifiApScan and apply a web‑application firewall rule to reject malformed country parameters.
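
One way to implement the log-monitoring and parameter-rejection actions above, as an added example that is not OpenCVE's or Tenda's code. It assumes a proxy or WAF in front of the router logs requests as `<client> <method> <path> <urlencoded-params>` and that a legitimate country value is a two-letter uppercase code; the log layout, function names and sample lines are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, urlsplit

TARGET_PATH = "/goform/WifiApScan"  # endpoint named in the advisory
COUNTRY_PARAMS = ("wl2g.public.country", "wl5g.public.country")
# Assumption: a legitimate value is a two-letter uppercase country code.
COUNTRY_RE = re.compile(r"[A-Z]{2}")

def bad_country_params(path, form):
    """Return [(param, value)] for country parameters that fail the allowlist.

    `form` is the raw urlencoded query string or POST body."""
    if urlsplit(path).path.rstrip("/") != TARGET_PATH:
        return []
    findings = []
    # keep_blank_values so an empty value is still inspected; parse_qsl
    # percent-decodes, so encoded metacharacters are checked in decoded form.
    for name, value in parse_qsl(form, keep_blank_values=True):
        if name in COUNTRY_PARAMS and not COUNTRY_RE.fullmatch(value):
            findings.append((name, value))
    return findings

def scan_log(lines):
    """Scan lines in the assumed layout and return (client, param, value) alerts."""
    alerts = []
    for line in lines:
        parts = line.split(maxsplit=3)
        if len(parts) < 3:
            continue
        client, _method, path = parts[:3]
        form = parts[3] if len(parts) == 4 else ""
        # Parameters may arrive in the URL query string as well as the body.
        query = urlsplit(path).query
        hits = bad_country_params(path, form) + bad_country_params(path, query)
        alerts.extend((client, name, value) for name, value in hits)
    return alerts

# Constructed sample lines (not captured traffic).
SAMPLE_LOG = [
    "192.0.2.10 POST /goform/WifiApScan wl2g.public.country=CN&wl5g.public.country=CN",
    "192.0.2.44 POST /goform/WifiApScan wl2g.public.country=US%3Bx&wl5g.public.country=US",
    "192.0.2.44 GET /goform/WifiApScan?wl5g.public.country=%60x%60",
    "192.0.2.10 POST /goform/SetSysTime wl2g.public.country=US%3Bx",
]

if __name__ == "__main__":
    for alert in scan_log(SAMPLE_LOG):
        print(alert)
```

An allowlist on the expected value shape is used instead of a list of shell metacharacters, so encodings or separators that a blocklist misses are still rejected.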


Advisories

No advisories yet.

History

Mon, 11 May 2026 15:15:00 +0000

Values added (none removed):

  • Metrics: ssvc {'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 11 May 2026 04:45:00 +0000

Values added (none removed):

  • First Time appeared: Tenda ac6
  • Vendors & Products: Tenda ac6

Mon, 11 May 2026 03:30:00 +0000

Values added (none removed):

  • Description: A weakness has been identified in Tenda AC6 15.03.06.23. Affected by this vulnerability is the function formWifiApScan of the file /goform/WifiApScan of the component httpd. Executing a manipulation of the argument wl2g.public.country/wl5g.public.country can lead to os command injection. It is possible to launch the attack remotely. The exploit has been made available to the public and could be used for attacks.
  • Title: Tenda AC6 httpd WifiApScan formWifiApScan os command injection
  • First Time appeared: Tenda; Tenda ac6 Firmware
  • Weaknesses: CWE-77; CWE-78
  • CPEs: cpe:2.3:o:tenda:ac6_firmware:*:*:*:*:*:*:*:*
  • Vendors & Products: Tenda; Tenda ac6 Firmware
  • References
  • Metrics:
      cvssV2_0 {'score': 6.5, 'vector': 'AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR'}
      cvssV3_0 {'score': 6.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}
      cvssV3_1 {'score': 6.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}
      cvssV4_0 {'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-05-11T12:47:59.722Z

Reserved: 2026-05-10T15:35:39.391Z

Link: CVE-2026-8264

Vulnrichment

Updated: 2026-05-11T12:47:55.929Z

NVD

Status: Undergoing Analysis

Published: 2026-05-11T04:16:17.023

Modified: 2026-05-11T15:06:30.020

Link: CVE-2026-8264

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-11T05:00:10Z

Weaknesses