CVE-2026-8263

MEDIUM

A security flaw has been discovered in Tenda AC6 15.03.06.49_multi_TDE01. Affected is the function fromSetWirelessRepeat of the file /goform/WifiExtraSet of the component httpd. Performing a manipulation of the argument mac/ssid results in os command injection. It is possible to initiate the attack remotely. The exploit has been released to the public and may be used for attacks.

CVSS v3.1 Score

4.7
MEDIUM
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
Attack Vector
NETWORK
Complexity
LOW
Privileges
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
LOW
Integrity
LOW
Availability
LOW
Published: 5/11/2026Modified: 5/12/2026

Related Intelligence (1)

CRITICALVulnerability

NVD CRITICAL: CVE-2026-8263 — A security flaw has been discovered in Tenda AC6 15.03.06.49_multi_TDE01. Affect...

A security flaw has been discovered in Tenda AC6 15.03.06.49_multi_TDE01. Affected is the function fromSetWirelessRepeat of the file /goform/WifiExtraSet of the component httpd. Performing a manipulation of the argument mac/ssid results in os command injection. It is possible to initiate the attack remotely. The exploit has been released to the public and may be used for attacks.

CVE-2026-8263
NIST NVD

References (5)

https://github.com/yaoyue123/iot/blob/main/Tenda/AC10U/fromSetWirelessRepeat.mdExploitThird Party Advisoryhttps://vuldb.com/submit/810074Third Party AdvisoryVDB Entryhttps://vuldb.com/vuln/362560Third Party AdvisoryVDB Entryhttps://vuldb.com/vuln/362560/ctiPermissions RequiredVDB Entryhttps://www.tenda.com.cn/Product