CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

RedhatCVE•added yesterday•3 views

CVE-2026-8263

A security flaw has been discovered in Tenda AC6 15.03.06.49multiTDE01. Affected is the function fromSetWirelessRepeat of the file /goform/WifiExtraSet of the component httpd. Performing a manipulation of the argument mac/ssid results in os command injection. It is possible to initiate the attack...

9.8CVSS5.3AI score0.00346EPSS

RedhatCVE•added yesterday•3 views

CVE-2026-8264

A weakness has been identified in Tenda AC6 15.03.06.23. Affected by this vulnerability is the function formWifiApScan of the file /goform/WifiApScan of the component httpd. Executing a manipulation of the argument wl2g.public.country/wl5g.public.country can lead to os command injection. It is...

8.8CVSS6.3AI score0.00839EPSS

RedhatCVE•added yesterday•2 views

CVE-2026-8259

A vulnerability has been found in Tenda AC6 2.0/15.03.06.23. The affected element is an unknown function of the file /goform/telnet of the component httpd. The manipulation of the argument lan.ip leads to os command injection. Remote exploitation of the attack is possible. The exploit has been...

7.2CVSS5.2AI score0.0037EPSS

EUVD•added 2026/05/11 6:31 a.m.•5 views

EUVD-2026-29020

8.8CVSS6.4AI score0.00839EPSS

Exploits1References6

NVD•added 2026/05/11 4:16 a.m.•6 views

CVE-2026-8264

8.8CVSS0.00839EPSS

EUVD•added 2026/05/11 3:31 a.m.•10 views

EUVD-2026-29015

7.2CVSS5.5AI score0.0037EPSS

Exploits1References6

Cvelist•added 2026/05/11 2:30 a.m.•31 views

CVE-2026-8265 Tenda AC6 httpd getLogFile get_log_file os command injection

5.8CVSS0.0037EPSS

ATTACKERKB•added 2026/05/11 2:30 a.m.•6 views

CVE-2026-8265

5.8CVSS5.6AI score0.0037EPSS

CVE•added 2026/05/11 2:30 a.m.•11 views

CVE-2026-8265

The CVE-2026-8265 issue affects Tenda AC6 firmware version 15.03.06.23. The vulnerable component is httpd, specifically the function get_log_file in /goform/getLogFile, where manipulating the wans.flag argument leads to an OS command injection. The vulnerability is exploitable remotely and exploi...

7.2CVSS5.6AI score0.0037EPSS

Vulnrichment•added 2026/05/11 2:30 a.m.•5 views

CVE-2026-8265 Tenda AC6 httpd getLogFile get_log_file os command injection

5.8CVSS5.6AI score0.0037EPSS

NVD•added 2026/05/11 2:16 a.m.•7 views

CVE-2026-8263

9.8CVSS0.00346EPSS

NVD•added 2026/05/11 2:16 a.m.•9 views

CVE-2026-8259

7.2CVSS0.0037EPSS

Vulnrichment•added 2026/05/11 2:15 a.m.•5 views

CVE-2026-8264 Tenda AC6 httpd WifiApScan formWifiApScan os command injection

6.5CVSS6.4AI score0.00839EPSS

ATTACKERKB•added 2026/05/11 2:15 a.m.•7 views

CVE-2026-8264

6.5CVSS5.6AI score0.00839EPSS

Cvelist•added 2026/05/11 2:15 a.m.•32 views

CVE-2026-8264 Tenda AC6 httpd WifiApScan formWifiApScan os command injection

6.5CVSS0.00839EPSS

CVE•added 2026/05/11 2:15 a.m.•17 views

CVE-2026-8264

CVE-2026-8264 affects Tenda AC6 15.03.06.23. The vulnerability is in httpd, specifically the formWifiApScan function in /goform/WifiApScan. An attacker can manipulate the arguments wl2g.public.country/wl5g.public.country to trigger an OS command injection, with remote feasibility. The description...

8.8CVSS6.4AI score0.00839EPSS

Vulnrichment•added 2026/05/11 2:0 a.m.•4 views

CVE-2026-8263 Tenda AC6 httpd WifiExtraSet fromSetWirelessRepeat os command injection

5.8CVSS5.6AI score0.00346EPSS

CVE•added 2026/05/11 2:0 a.m.•12 views

CVE-2026-8263

The CVE affects Tenda AC6 (firmware 15.03.06.49_multi_TDE01) where the fromSetWirelessRepeat function in /goform/WifiExtraSet within the httpd component is vulnerable. Manipulating the mac/ssid arguments enables an OS command injection, allowing remote exploitation. Public exploits have been rele...

9.8CVSS5.7AI score0.00346EPSS

ATTACKERKB•added 2026/05/11 2:0 a.m.•5 views

CVE-2026-8263

5.8CVSS5.6AI score0.00346EPSS