CVE-2026-8259

A vulnerability has been found in Tenda AC6 2.0/15.03.06.23. The affected element is an unknown function of the file /goform/telnet of the component httpd. The manipulation of the argument lan.ip leads to os command injection. Remote exploitation of the attack is possible. The exploit has been...

CVE-2026-8259

A vulnerability has been found in Tenda AC6 2.0/15.03.06.23. The affected element is an unknown function of the file /goform/telnet of the component httpd. The manipulation of the argument lan.ip leads to os command injection. Remote exploitation of the attack is possible. The exploit has been...

TOTOLINK's X5000R's (AX1800 router) lacks authentication for telnet

Overview An unauthenticated HTTP request can enable telnet which may lead to remote code execution with root-level privileges. Description TOTOLINK manufactures routers and other networking equipment designed for small businesses and home implementations. The AX1800 routers are popular with users...

Tenda AC20 16.03.08.12 - Command Injection

/ Exploit Title : Tenda AC20 16.03.08.12 - Command Injection Author : Byte Reaper CVE : CVE-2025-9090 Description: A vulnerability was identified in Tenda AC20 16.03.08.12. Affected is the function websFormDefine of the file /goform/telnet of the component Telnet Service. target endpoint :...

Exploit for Command Injection in Tenda Ac20_Firmware

CVE-2025-9090 Author: Byte Reaper Description This exp...

CVE-2025-52376

An authentication bypass vulnerability in the /web/umopentelnet.cgi endpoint in Nexxt Solutions NCM-X1800 Mesh Router firmware UV1.2.7 and below, allowing an attacker to remotely enable the Telnet service without authentication, bypassing security controls. The Telnet server is then accessible wi...

Tenda RX3 命令注入漏洞

Tenda RX3 is a dual-band WiFi 6 home wireless router from Tenda China. It is used for home network coverage and supports high-speed wireless connection. The Tenda RX3 suffers from a command injection vulnerability that stems from the failure of the file /goform/telnet to properly filter construct...

PT-2025-9855 · Tenda · Tenda Ac15

Name of the Vulnerable Software and Affected Versions: Tenda AC15 version 15.03.05.19 Description: The issue is related to command injection via the handler function in the /goform/telnet endpoint. This vulnerability may allow a remote attacker to execute arbitrary commands by sending a specially...

Tenda AC10 注入漏洞

The Tenda AC10 is a wireless router from the Chinese company Tenda. A command injection vulnerability exists in Tenda AC10 version 16.03.10.20, which stems from the failure of the file /goform/telnet to properly filter constructed command special characters, commands, etc. An attacker could use...

Starbucks: Exposed Unencrypted Telnet Endpoint

Hi, I'm not sure where to submit this as I know it is a low/medium risk issue on an asset which is out of scope. Essentially I stumbled across the endpoint whilst looking at other Starbucks domains within scope, the affected host is: franchisee.starbucks.com:23 it was found to be running an...