A remote code execution vulnerability exists in Tenda AC18 V15.03.05.19 and V15.03.05.05, which stems from the failure of the Mac parameter of ip/goform/WriteFacMac to properly filter the special elements of the constructed code segment. An attacker could exploit the vulnerability to cause arbitrary code execution.