Lucene search
+L

CVE-2026-8264

🗓️ 11 May 2026 02:15:09Reported by VulDBType 
cve
 cve
🔗 web.nvd.nist.gov👁 37 Views🌐 WEB

Remote OS command injection in Tenda AC6 via WifiApScan form enabling country parameter manipulation.

Related
Detection
Affected
Refs
Paths
ReporterTitlePublishedViews
Family
attackerkb
CVE-2026-8264
11 May 202602:15
attackerkb
bdu_fstec
The vulnerability of the formWifiApScan() function in the microprogramming software for Tenda AC6 allows a hacker to execute arbitrary code.
13 May 202600:00
bdu_fstec
circl
CVE-2026-8264
11 May 202606:41
circl
cnnvd
Tenda AC6 命令注入漏洞
11 May 202600:00
cnnvd
cvelist
CVE-2026-8264 Tenda AC6 httpd WifiApScan formWifiApScan os command injection
11 May 202602:15
cvelist
euvd
EUVD-2026-29020
11 May 202606:31
euvd
nvd
CVE-2026-8264
11 May 202604:16
nvd
ptsecurity
PT-2026-39563
11 May 202600:00
ptsecurity
redhatcve
CVE-2026-8264
5 Jun 202619:43
redhatcve
vulnrichment
CVE-2026-8264 Tenda AC6 httpd WifiApScan formWifiApScan os command injection
11 May 202602:15
vulnrichment
Rows per page
NVD
Vulners
Node
AND
tendaac6_firmwareMatch15.03.06.23
tendaac6Match2.0
[
  {
    "vendor": "Tenda",
    "product": "AC6",
    "versions": [
      {
        "version": "15.03.06.23",
        "status": "affected"
      }
    ],
    "cpes": [
      "cpe:2.3:o:tenda:ac6_firmware:*:*:*:*:*:*:*:*"
    ],
    "modules": [
      "httpd"
    ]
  }
]
ParameterPositionPathDescriptionCWE
wl2g.public.countryquery param/goform/WifiApScanRemote command injection via manipulation of wifi country parameters in WifiApScan form causes OS command execution.CWE-77CWE-78
wl5g.public.countryquery param/goform/WifiApScanRemote command injection via manipulation of wifi country parameters in WifiApScan form causes OS command execution.CWE-77CWE-78

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

17 Jun 2026 11:03Current
6.4Medium risk
Vulners AI Score6.4
CVSS 3.16.3 - 8.8
CVSS 45.3
CVSS 26.5
CVSS 36.3
EPSS0.02891
SSVC
37