Tenda AC6 httpd WifiExtraSet fromSetWirelessRepeat os command injection_CVE-2026-8263

5.1 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

Description

A security flaw has been discovered in Tenda AC6 15.03.06.49_multi_TDE01. Affected is the function fromSetWirelessRepeat of the file /goform/WifiExtraSet of the component httpd. Performing a manipulation of the argument mac/ssid results in os command injection. It is possible to initiate the attack remotely. The exploit has been released to the public and may be used for attacks.

Basic Information

ID CVE-2026-8263

Source VulDB

Published May 11, 2026 at 02:00

Affected Product

Vendor Tenda

Product AC6

Version 15.03.06.49_multi_TDE01

Affected Versions Tenda AC6 15.03.06.49_multi_TDE01

CWE Classification

CWE-78 CWE-77

References

{
    "lastseen": "",
    "description": "A security flaw has been discovered in Tenda AC6 15.03.06.49_multi_TDE01. Affected is the function fromSetWirelessRepeat of the file /goform/WifiExtraSet of the component httpd. Performing a manipulation of the argument mac/ssid results in os command injection. It is possible to initiate the attack remotely. The exploit has been released to the public and may be used for attacks.",
    "published": "2026-05-11T02:00:16.521Z",
    "modified": "2026-05-11T02:00:16.521Z",
    "type": "cve",
    "title": "Tenda AC6 httpd WifiExtraSet fromSetWirelessRepeat os command injection",
    "source": "VulDB",
    "references": "https://vuldb.com/vuln/362560\nhttps://vuldb.com/vuln/362560/cti\nhttps://vuldb.com/submit/810074\nhttps://github.com/yaoyue123/iot/blob/main/Tenda/AC10U/fromSetWirelessRepeat.md\nhttps://www.tenda.com.cn/",
    "id": "CVE-2026-8263",
    "bulletinFamily": "",
    "cwe": [
        "CWE-78",
        "CWE-77"
    ],
    "cvelist": null,
    "sourceData": "Tenda AC6 15.03.06.49_multi_TDE01",
    "sourceHref": "",
    "cvss": {
        "score": 5.1,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "AC6",
    "version": "15.03.06.49_multi_TDE01",
    "vendor": "Tenda",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}