CVE-2026-8265

MEDIUM

A security vulnerability has been detected in Tenda AC6 15.03.06.23. Affected by this issue is the function get_log_file of the file /goform/getLogFile of the component httpd. The manipulation of the argument wans.flag leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used.

CVSS v3.1 Score

4.7
MEDIUM
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
Attack Vector
NETWORK
Complexity
LOW
Privileges
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
LOW
Integrity
LOW
Availability
LOW
Published: 5/11/2026Modified: 5/11/2026

Related Intelligence (1)

HIGHVulnerability

NVD HIGH: CVE-2026-8265 — A security vulnerability has been detected in Tenda AC6 15.03.06.23. Affected by...

A security vulnerability has been detected in Tenda AC6 15.03.06.23. Affected by this issue is the function get_log_file of the file /goform/getLogFile of the component httpd. The manipulation of the argument wans.flag leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used.

CVE-2026-8265
NIST NVD

References (5)

https://github.com/dxz0069/WAVLINK-WN530H4-Command-Injection-in-set_add_routing/blob/main/Tenda%20AC6V2%20get_log_file%20Command%20Injection%20via%20wans.flag.mdExploitThird Party Advisoryhttps://vuldb.com/submit/810076Third Party AdvisoryVDB Entryhttps://vuldb.com/vuln/362562Third Party AdvisoryVDB Entryhttps://vuldb.com/vuln/362562/ctiPermissions RequiredVDB Entryhttps://www.tenda.com.cn/Product