CVE-2026-4253 Tenda AC8 Web UploadCfg route_set_user_policy_rule os command injection
A security flaw has been discovered in Tenda AC8 16.03.50.11. This affects the function routesetuserpolicyrule of the file /cgi-bin/UploadCfg of the component Web Interface. The manipulation of the argument wans.policy.list1 results in os command injection. It is possible to launch the attack...