CVE 8.6 HIGH

Tenda G300-F Command Injection via formSetWanDiag_CVE-2026-25857

February 7, 2026 invoker category_cve

8.6 / 10

HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Description

Tenda G300-F router firmware versio 16.01.14.2 and prior contain an OS command injection vulnerability in the WAN diagnostic functionality (formSetWanDiag). The implementation constructs a shell command that invokes curl and incorporates attacker-controlled input into the command line without adequate neutralization. As a result, a remote attacker with access to the affected management interface can inject additional shell syntax and execute arbitrary commands on the device with the privileges of the management process.

AI Analysis

OS command injection vulnerability in WAN diagnostic functionality

Basic Information

ID CVE-2026-25857

Source VulnCheck

Published Feb 7, 2026 at 21:41

Affected Product

Vendor Shenzhen Tenda Technology

Product Tenda G300-F

Affected Versions Shenzhen Tenda Technology Tenda G300-F 0

CWE Classification

CWE-78

AI Assessment

AI Score 8.6 / 10

AI Severity High

Vendor Shenzhen Tenda Technology

Product Tenda G300-F

Version 16.01.14.2 and prior

References

{
    "lastseen": "",
    "description": "Tenda G300-F router firmware versio 16.01.14.2 and prior contain an OS command injection vulnerability in the WAN diagnostic functionality (formSetWanDiag). The implementation constructs a shell command that invokes curl and incorporates attacker-controlled input into the command line without adequate neutralization. As a result, a remote attacker with access to the affected management interface can inject additional shell syntax and execute arbitrary commands on the device with the privileges of the management process.",
    "published": "2026-02-07T21:41:41.340Z",
    "modified": "2026-02-07T21:41:41.340Z",
    "type": "cve",
    "title": "Tenda G300-F Command Injection via formSetWanDiag",
    "source": "VulnCheck",
    "references": "https://blog.evan.lat/blog/cve-2026-25857/\nhttps://www.tendacn.com/material/show/736333682028613\nhttps://www.vulncheck.com/advisories/tenda-g300-f-command-injection-via-formsetwandiag",
    "id": "CVE-2026-25857",
    "bulletinFamily": "",
    "cwe": [
        "CWE-78"
    ],
    "cvelist": null,
    "sourceData": "Shenzhen Tenda Technology Tenda G300-F 0",
    "sourceHref": "",
    "cvss": {
        "score": 8.6,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Tenda G300-F",
    "version": "0",
    "vendor": "Shenzhen Tenda Technology",
    "ai_description": "OS command injection vulnerability in WAN diagnostic functionality",
    "ai_severity": "High",
    "ai_vendor": "Shenzhen Tenda Technology",
    "ai_product": "Tenda G300-F",
    "ai_version": "16.01.14.2 and prior",
    "ai_score": 8.6
}

💭 Join the Security Discussion ❌ Cancel Reply