NVD HIGH: CVE-2026-8264 — A weakness has been identified in Tenda AC6 15.03.06.23. Affected by this vulner...

Monday, May 11, 2026 at 04:16 AM UTC·Source: NIST NVD

Updated: Friday, May 15, 2026 at 02:00 PM UTC

Executive Summary

A weakness has been identified in Tenda AC6 15.03.06.23. Affected by this vulnerability is the function formWifiApScan of the file /goform/WifiApScan of the component httpd. Executing a manipulation of the argument wl2g.public.country/wl5g.public.country can lead to os command injection. It is possible to launch the attack remotely. The exploit has been made available to the public and could be us

Analysis

Indicators of Compromise (2)

CVE (1)

CVE-2026-8264

NVD MITRE CVE

IPv4 (1)

15.03.06.23

VirusTotal Shodan AbuseIPDB

Source Attribution

Originally published by NIST NVD on May 11, 2026. Verified by: NIST.

Related Threats

MEDIUMVulnerability

More than $10 million stolen from crypto platform THORChain

THORChain officials said the investigation into the incident is ongoing but explained that one of their six vaults was compromised, leading to a loss of about $10.7 million.

2h agoThe Record

CRITICALVulnerability

Funnel Builder WordPress plugin bug exploited to steal credit cards

A critical vulnerability in the Funnel Builder plugin for WordPress is being actively exploited to inject malicious JavaScript snippets into WooCommerce checkout pages. [...]

2h agoBleepingComputer

CRITICALVulnerability

NVD CRITICAL: CVE-2026-46364 — phpMyFAQ before 4.1.2 contains an unauthenticated SQL injection vulnerability in...

phpMyFAQ before 4.1.2 contains an unauthenticated SQL injection vulnerability in BuiltinCaptcha::garbageCollector() and BuiltinCaptcha::saveCaptcha() methods that interpolate unsanitized User-Agent headers into DELETE and INSERT queries. Unauthenticated attackers can exploit the public GET /api/captcha endpoint by crafting malicious User-Agent headers to perform time-based blind SQL injection, ext

CVE-2026-46364

2h agoNIST NVD