60 matches found
CVE-2026-11556
A security flaw has been discovered in Tenda F451 1.0.0.7/1.0.0.9. Impacted is the function formWriteFacMac of the file /goform/WriteFacMac of the component Web Management Interface. Performing a manipulation of the argument mac results in os command injection. Remote exploitation of the attack i...
EUVD-2026-35179
A security flaw has been discovered in Tenda F451 1.0.0.7/1.0.0.9. Impacted is the function formWriteFacMac of the file /goform/WriteFacMac of the component Web Management Interface. Performing a manipulation of the argument mac results in os command injection. Remote exploitation of the attack i...
PT-2026-47437
Name of the Vulnerable Software and Affected Versions Tenda F451 versions 1.0.0.7 through 1.0.0.9 Description A security flaw in the Web Management Interface allows remote exploitation via OS command injection. The issue exists within the formWriteFacMac function located in the /goform/WriteFacMa...
EUVD-2026-17243
A flaw has been found in Tenda CH22 1.0.0.1. The affected element is the function FormWriteFacMac of the file /goform/WriteFacMac. Executing a manipulation of the argument mac can lead to command injection. The attack may be launched remotely. The exploit has been published and may be used...
CVE-2026-5153 Tenda CH22 WriteFacMac FormWriteFacMac command injection
A flaw has been found in Tenda CH22 1.0.0.1. The affected element is the function FormWriteFacMac of the file /goform/WriteFacMac. Executing a manipulation of the argument mac can lead to command injection. The attack may be launched remotely. The exploit has been published and may be used...
CVE-2026-5153 Tenda CH22 WriteFacMac FormWriteFacMac command injection
A flaw has been found in Tenda CH22 1.0.0.1. The affected element is the function FormWriteFacMac of the file /goform/WriteFacMac. Executing a manipulation of the argument mac can lead to command injection. The attack may be launched remotely. The exploit has been published and may be used...
CVE-2026-5153
CVE-2026-5153 concerns Tenda CH22 (v1.0.0.1). The flaw is in the function FormWriteFacMac of the file /goform/WriteFacMac. Manipulating the mac argument can lead to arbitrary command execution, potentially exploitable by an attacker over the network. The vulnerability description notes that the a...
Tenda CH22 命令注入漏洞
The Tenda CH22 is a network device produced by the Chinese company Tenda. Version 1.0.0.1 of the Tenda CH22 contains a command injection vulnerability. This vulnerability stems from incorrect handling of the parameter “mac” in the function FormWriteFacMac defined in the file/goform/WriteFacMac,...
EUVD-2026-14327
A security flaw has been discovered in Tenda F453 1.0.0.3. The affected element is the function FormWriteFacMac of the file /goform/WriteFacMac. The manipulation of the argument mac results in command injection. It is possible to launch the attack remotely. The exploit has been released to the...
CVE-2026-4554 Tenda F453 WriteFacMac FormWriteFacMac privilege escalation
A security flaw has been discovered in Tenda F453 1.0.0.3. The affected element is the function FormWriteFacMac of the file /goform/WriteFacMac. The manipulation of the argument mac results in command injection. It is possible to launch the attack remotely. The exploit has been released to the...
PT-2026-27019
A security flaw has been discovered in Tenda F453 1.0.0.3. The affected element is the function FormWriteFacMac of the file /goform/WriteFacMac. The manipulation of the argument mac results in command injection. It is possible to launch the attack remotely. The exploit has been released to the...
EUVD-2023-41064
Malicious code in bioql PyPI...
CVE-2024-3009
A vulnerability has been found in Tenda FH1205 2.0.0.7775 and classified as critical. Affected by this vulnerability is the function formWriteFacMac of the file /goform/WriteFacMac. The manipulation of the argument mac leads to command injection. The attack can be launched remotely. The exploit h...
CVE-2023-37144
Tenda AC10 v15.03.06.26 was discovered to contain a command injection vulnerability via the mac parameter in the function formWriteFacMac...
The vulnerability of the formWriteFacMac() function (/goform/WriteFacMac) in the Tenda AC6 router software allows a hacker to execute arbitrary commands.
The vulnerability of the formWriteFacMac function /goform/WriteFacMac of the Tenda AC6 router software lies in the lack of data cleaning at the control level when processing the mac parameter. Exploiting this vulnerability allows an attacker to execute arbitrary commands remotely...
CVE-2024-42634
A Command Injection vulnerability exists in formWriteFacMac of the httpd binary in Tenda AC9 v15.03.06.42. As a result, attacker can execute OS commands with root privileges...
PT-2024-30085 · Tenda · Tenda Ac9
Name of the Vulnerable Software and Affected Versions: Tenda AC9 version 15.03.06.42 Description: A Command Injection issue exists in the formWriteFacMac function of the httpd binary. This allows an attacker to execute OS commands with root privileges. Recommendations: For Tenda AC9 version...
The vulnerability of the WriteFacMac function in the microprogramming software for Tenda FH1201 allows a hacker to execute arbitrary commands.
The vulnerability of the formWriteFacMac function in the Tenda FH1201 router microprogramming system is related to the lack of measures taken to clean data at the control level. Exploiting this vulnerability can allow a remote attacker to execute arbitrary commands...
The vulnerability of the formWriteFacMac function in the microprogramming software for wireless Wi-Fi routers Tenda W30E allows a hacker to execute arbitrary commands.
The vulnerability of the formWriteFacMac function in the Tenda W30E wireless Wi-Fi router software exists due to the lack of measures to neutralize special elements. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
Tenda AC500 Command Injection Vulnerability
The Tenda AC500 is a Gigabit port access controller from Tenda, China. A command injection vulnerability exists in Tenda AC500 version 2.0.1.91307, which stems from a command injection issue in the mac parameter of the formWriteFacMac method of the /goform/WriteFacMac file. No details of the...