The Tenda AC10 is a wireless router from the Chinese company Tenda. A command execution vulnerability exists in Tenda AC10 version v15.03.06.26. The vulnerability stems from the application failing to properly filter constructed command special characters, commands, etc. The vulnerability can be exploited by an attacker via formWriteWriteWriteWrite. An attacker can exploit this vulnerability to conduct a command injection attack via the mac parameter of the formWriteFacMac method.