EUVD-2026-17243

A flaw has been found in Tenda CH22 1.0.0.1. The affected element is the function FormWriteFacMac of the file /goform/WriteFacMac. Executing a manipulation of the argument mac can lead to command injection. The attack may be launched remotely. The exploit has been published and may be used...

CVE-2026-5153 Tenda CH22 WriteFacMac FormWriteFacMac command injection

A flaw has been found in Tenda CH22 1.0.0.1. The affected element is the function FormWriteFacMac of the file /goform/WriteFacMac. Executing a manipulation of the argument mac can lead to command injection. The attack may be launched remotely. The exploit has been published and may be used...

CVE-2026-5153

CVE-2026-5153 concerns Tenda CH22 (v1.0.0.1). The flaw is in the function FormWriteFacMac of the file /goform/WriteFacMac. Manipulating the mac argument can lead to arbitrary command execution, potentially exploitable by an attacker over the network. The vulnerability description notes that the a...

CVE-2026-5153 Tenda CH22 WriteFacMac FormWriteFacMac command injection

A flaw has been found in Tenda CH22 1.0.0.1. The affected element is the function FormWriteFacMac of the file /goform/WriteFacMac. Executing a manipulation of the argument mac can lead to command injection. The attack may be launched remotely. The exploit has been published and may be used...

Tenda CH22 命令注入漏洞

The Tenda CH22 is a network device produced by the Chinese company Tenda. Version 1.0.0.1 of the Tenda CH22 contains a command injection vulnerability. This vulnerability stems from incorrect handling of the parameter “mac” in the function FormWriteFacMac defined in the file/goform/WriteFacMac,...

EUVD-2026-14327

A security flaw has been discovered in Tenda F453 1.0.0.3. The affected element is the function FormWriteFacMac of the file /goform/WriteFacMac. The manipulation of the argument mac results in command injection. It is possible to launch the attack remotely. The exploit has been released to the...

CVE-2026-4554 Tenda F453 WriteFacMac FormWriteFacMac privilege escalation

A security flaw has been discovered in Tenda F453 1.0.0.3. The affected element is the function FormWriteFacMac of the file /goform/WriteFacMac. The manipulation of the argument mac results in command injection. It is possible to launch the attack remotely. The exploit has been released to the...

PT-2026-27019

A security flaw has been discovered in Tenda F453 1.0.0.3. The affected element is the function FormWriteFacMac of the file /goform/WriteFacMac. The manipulation of the argument mac results in command injection. It is possible to launch the attack remotely. The exploit has been released to the...

EUVD-2023-41064

Malicious code in bioql PyPI...

CVE-2024-3009

A vulnerability has been found in Tenda FH1205 2.0.0.7775 and classified as critical. Affected by this vulnerability is the function formWriteFacMac of the file /goform/WriteFacMac. The manipulation of the argument mac leads to command injection. The attack can be launched remotely. The exploit h...

CVE-2023-37144

Tenda AC10 v15.03.06.26 was discovered to contain a command injection vulnerability via the mac parameter in the function formWriteFacMac...

CVE-2024-42634

A Command Injection vulnerability exists in formWriteFacMac of the httpd binary in Tenda AC9 v15.03.06.42. As a result, attacker can execute OS commands with root privileges...

PT-2024-30085 · Tenda · Tenda Ac9

Name of the Vulnerable Software and Affected Versions: Tenda AC9 version 15.03.06.42 Description: A Command Injection issue exists in the formWriteFacMac function of the httpd binary. This allows an attacker to execute OS commands with root privileges. Recommendations: For Tenda AC9 version...

Tenda AC500 Command Injection Vulnerability

The Tenda AC500 is a Gigabit port access controller from Tenda, China. A command injection vulnerability exists in Tenda AC500 version 2.0.1.91307, which stems from a command injection issue in the mac parameter of the formWriteFacMac method of the /goform/WriteFacMac file. No details of the...

Tenda AC500 命令注入漏洞

The Tenda AC500 is a Gigabit port access controller from Tenda, China. A command injection vulnerability exists in Tenda AC500 version 2.0.1.91307, which stems from a command injection issue in the mac parameter of the formWriteFacMac method of the /goform/WriteFacMac file. No details of the...

CVE-2024-3880

A vulnerability has been found in Tenda W30E 1.0.1.25633 and classified as critical. This vulnerability affects the function formWriteFacMac of the file /goform/WriteFacMac. The manipulation of the argument mac leads to os command injection. The attack can be initiated remotely. The exploit has...

Tenda F1202 formWriteFacMac Method Command Injection Vulnerability

The Tenda F1202 is an enterprise-grade dual-band wireless router that supports dual bands of 2.4GHz and 5GHz with a maximum transfer rate of 1200Mbps. The Tenda F1202 suffers from a command injection vulnerability that stems from a command injection vulnerability in the mac parameter of the...

CVE-2024-30637

Tenda F1202 v1.2.0.20408 has a command injection vulnerablility in the formWriteFacMac function in the mac parameter...

CVE-2024-30637

Tenda F1202 v1.2.0.20408 has a command injection vulnerablility in the formWriteFacMac function in the mac parameter...

Tenda FH1203 formWriteFacMac Method Command Injection Vulnerability

Tenda FH1203 is a dual-band wireless router from China's Tenda, mainly used for home network coverage and enhancement. The Tenda FH1203 suffers from a command injection vulnerability that stems from the mac parameter of the formWriteFacMac method of the /goform/WriteFacMac file failing to properl...