Tenda F451 Web Management WriteFacMac formWriteFacMac os command injection

8.7 / 10

HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P

Description

A security flaw has been discovered in Tenda F451 1.0.0.7/1.0.0.9. Impacted is the function formWriteFacMac of the file /goform/WriteFacMac of the component Web Management Interface. Performing a manipulation of the argument mac results in os command injection. Remote exploitation of the attack is possible. The exploit has been released to the public and may be used for attacks.

AI Analysis

OS command injection vulnerability in Tenda F451 Web Management Interface

Basic Information

ID CVE-2026-11556

Source VulDB

Published Jun 8, 2026 at 18:00

Affected Product

Vendor Tenda

Product F451

Version 1.0.0.7

Affected Versions Tenda F451 1.0.0.7
Tenda F451 1.0.0.9

CWE Classification

CWE-78 CWE-77

AI Assessment

AI Score 8.7 / 10

AI Severity High

Vendor Tenda

Product F451

Version 1.0.0.7, 1.0.0.9

References

{
    "lastseen": "",
    "description": "A security flaw has been discovered in Tenda F451 1.0.0.7/1.0.0.9. Impacted is the function formWriteFacMac of the file /goform/WriteFacMac of the component Web Management Interface. Performing a manipulation of the argument mac results in os command injection. Remote exploitation of the attack is possible. The exploit has been released to the public and may be used for attacks.",
    "published": "2026-06-08T18:00:15.317Z",
    "modified": "2026-06-08T18:00:15.317Z",
    "type": "cve",
    "title": "Tenda F451 Web Management WriteFacMac formWriteFacMac os command injection",
    "source": "VulDB",
    "references": "https://vuldb.com/vuln/369166\nhttps://vuldb.com/vuln/369166/cti\nhttps://vuldb.com/cve/CVE-2026-11556\nhttps://vuldb.com/submit/836476\nhttps://github.com/Robots10/IoT_vlu/blob/main/reports/Tenda/formWriteFacMac2/formWriteFacMac.md\nhttps://www.tenda.com.cn/",
    "id": "CVE-2026-11556",
    "bulletinFamily": "",
    "cwe": [
        "CWE-78",
        "CWE-77"
    ],
    "cvelist": null,
    "sourceData": "Tenda F451 1.0.0.7\nTenda F451 1.0.0.9",
    "sourceHref": "",
    "cvss": {
        "score": 8.7,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "F451",
    "version": "1.0.0.7",
    "vendor": "Tenda",
    "ai_description": "OS command injection vulnerability in Tenda F451 Web Management Interface",
    "ai_severity": "High",
    "ai_vendor": "Tenda",
    "ai_product": "F451",
    "ai_version": "1.0.0.7, 1.0.0.9",
    "ai_score": 8.7
}

Tenda F451 Web Management WriteFacMac formWriteFacMac os command injection_CVE-2026-11556