CVE-2026-7102

A vulnerability was found in Tenda F456 1.0.0.5. This impacts the function FromWriteFacMac of the file /goform/WriteFacMac of the component httpd. The manipulation of the argument mac results in command injection. The attack can be executed remotely. The exploit has been made public and could be...

PT-2026-29131

A flaw has been found in Tenda CH22 1.0.0.1. The affected element is the function FormWriteFacMac of the file /goform/WriteFacMac. Executing a manipulation of the argument mac can lead to command injection. The attack may be launched remotely. The exploit has been published and may be used...

Tenda CH22 命令注入漏洞

The Tenda CH22 is a network device produced by the Chinese company Tenda. Version 1.0.0.1 of the Tenda CH22 contains a command injection vulnerability. This vulnerability stems from incorrect handling of the parameter “mac” in the function FormWriteFacMac defined in the file/goform/WriteFacMac,...

CVE-2026-4554 Tenda F453 WriteFacMac FormWriteFacMac privilege escalation

A security flaw has been discovered in Tenda F453 1.0.0.3. The affected element is the function FormWriteFacMac of the file /goform/WriteFacMac. The manipulation of the argument mac results in command injection. It is possible to launch the attack remotely. The exploit has been released to the...

CVE-2026-4554 Tenda F453 WriteFacMac FormWriteFacMac privilege escalation

A security flaw has been discovered in Tenda F453 1.0.0.3. The affected element is the function FormWriteFacMac of the file /goform/WriteFacMac. The manipulation of the argument mac results in command injection. It is possible to launch the attack remotely. The exploit has been released to the...

CVE-2024-3009

A vulnerability has been found in Tenda FH1205 2.0.0.7775 and classified as critical. Affected by this vulnerability is the function formWriteFacMac of the file /goform/WriteFacMac. The manipulation of the argument mac leads to command injection. The attack can be launched remotely. The exploit h...

CVE-2024-41473

Tenda FH1201 v1.2.0.14 was discovered to contain a command injection vulnerability via the mac parameter at ip/goform/WriteFacMac...

CVE-2024-41473

The advisory covers CVE-2024-41473 affecting Tenda FH1201 v1.2.0.14, where a command injection vulnerability exists in the mac parameter of ip/goform/WriteFacMac. The vulnerability targets the management interface and could allow an attacker to execute arbitrary commands. Reported impact is high/...

PT-2024-5258 · Tenda · Tenda Fh1201

Name of the Vulnerable Software and Affected Versions: Tenda FH1201 version 1.2.0.14 Description: The issue is related to a command injection vulnerability. It is associated with the lack of data sanitization at the management level, specifically via the mac parameter at the "ip/goform/WriteFacMa...

CVE-2024-35339

The CVE-2024-35339 entry concerns Tenda FH1206, affected version 1.2.0.8(8155), with a command injection vulnerability exposed via the mac parameter at ip/goform/WriteFacMac. The issue is described as allowing remote command execution and is supported by multiple sources. The CVSSv3.1 vector indi...

Tenda W30E 操作系统命令注入漏洞

The Tenda W30E is a wireless router device that provides Internet access, wireless coverage and more. A command injection vulnerability exists in the formWriteFacMac function of the /goform/WriteFacMac file in version 1.0.1.25633 of the Tenda W30E, which can be exploited by an attacker to execute...

Tenda FH1203 formWriteFacMac Method Command Injection Vulnerability

Tenda FH1203 is a dual-band wireless router from China's Tenda, mainly used for home network coverage and enhancement. The Tenda FH1203 suffers from a command injection vulnerability that stems from the mac parameter of the formWriteFacMac method of the /goform/WriteFacMac file failing to properl...

CVE-2024-3009

CVE-2024-3009 affects Tenda FH1205 firmware v2.0.0.7(775). The vulnerability lies in the function formWriteFacMac in the file /goform/WriteFacMac, where manipulating the mac argument leads to command injection. This can be triggered remotely over a network with no user interaction, and public exp...

Tenda AC10 OS Command Injection Vulnerability (CNVD-2024-15743)

The Tenda AC10 is a wireless router from the Chinese company Tenda. Tenda AC10U version 15.03.06.49 suffers from an operating system command injection vulnerability, which originates from the mac parameter of the formWriteFacMac function of the /goform/WriteFacMac file failing to correctly filter...

CVE-2024-2707

A vulnerability has been found in Tenda AC10U 15.03.06.49 and classified as critical. This vulnerability affects the function formWriteFacMac of the file /goform/WriteFacMac. The manipulation of the argument mac leads to os command injection. The attack can be initiated remotely. The exploit has...

Tenda AC10 操作系统命令注入漏洞

The Tenda AC10 is a wireless router from the Chinese company Tenda. Tenda AC10U version 15.03.06.49 suffers from an operating system command injection vulnerability, which originates from the mac parameter of the formWriteFacMac function of the /goform/WriteFacMac file failing to correctly filter...

PT-2024-2407 · Tenda · Tenda Ac15

Name of the Vulnerable Software and Affected Versions: Tenda AC15 versions 15.03.05.18 through 15.03.20 multi Description: A critical issue affects the function formWriteFacMac of the file /goform/WriteFacMac. The manipulation of the argument mac leads to os command injection, allowing remote...

Tenda AC5 Code Execution Vulnerability

Tenda AC5 is a wireless router from Tenda, a Chinese company. A code execution vulnerability exists in Tenda AC5 version V15.03.06.28, which stems from the Mac parameter of ip/goform/WriteFacMac failing to correctly filter special elements of the constructed snippet. An attacker can exploit this...

CVE-2023-31587

Tenda AC5 router V15.03.06.28 was discovered to contain a remote code execution RCE vulnerability via the Mac parameter at ip/goform/WriteFacMac...

CVE-2023-31587

Tenda AC5 router V15.03.06.28 was discovered to contain a remote code execution RCE vulnerability via the Mac parameter at ip/goform/WriteFacMac...