CVE-2026-8259

MEDIUM

A vulnerability has been found in Tenda AC6 2.0/15.03.06.23. The affected element is an unknown function of the file /goform/telnet of the component httpd. The manipulation of the argument lan.ip leads to os command injection. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used.

CVSS v3.1 Score

4.7
MEDIUM
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
Attack Vector
NETWORK
Complexity
LOW
Privileges
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
LOW
Integrity
LOW
Availability
LOW
Published: 5/11/2026Modified: 5/11/2026

Related Intelligence (1)

HIGHVulnerability

NVD HIGH: CVE-2026-8259 — A vulnerability has been found in Tenda AC6 2.0/15.03.06.23. The affected elemen...

A vulnerability has been found in Tenda AC6 2.0/15.03.06.23. The affected element is an unknown function of the file /goform/telnet of the component httpd. The manipulation of the argument lan.ip leads to os command injection. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used.

CVE-2026-8259
NIST NVD

References (5)

https://github.com/dxz0069/WAVLINK-WN530H4-Command-Injection-in-set_add_routing/blob/main/Tenda%20AC6V2%20TendaTelnet%20Command%20Injection.mdExploitThird Party Advisoryhttps://vuldb.com/submit/809877Third Party AdvisoryVDB Entryhttps://vuldb.com/vuln/362556Third Party AdvisoryVDB Entryhttps://vuldb.com/vuln/362556/ctiPermissions RequiredVDB Entryhttps://www.tenda.com.cn/Product