6.5
/ 10
MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Description
An unauthenticated command injection vulnerability in the /goform/fast_setting_internet_set endpoint of Tenda AC18 v15.03.05.05 allows attackers to execute arbitrary commands via a crafted payload injected into the mac parameter.
Basic Information
ID
CVE-2026-38142
Source
mitre
Published
Jul 1, 2026 at 00:00
Modified
Jul 1, 2026 at 18:48
Affected Product
Vendor
n/a
Product
n/a
Version
n/a
Affected Versions
n/a n/a n/a