LeakyCreds
NewInstant webhook alerts now available — notified within seconds of any credential detection.Learn more →
Home / Vulnerability Intelligence / CVE-2026-24105

CVE-2026-24105 - Vulnerability Analysis

CriticalCVSS: 9.8

Last Updated: March 3, 2026

Tenda AC15V1.0 - Command Injection

Published: March 2, 2026Updated: March 3, 2026Remote Exploitable

Overview

Tenda AC15V1.0 V15.03.05.18_multi contains a command injection caused by unchecked 'v1' value in goform/formsetUsbUnload, letting attackers execute arbitrary commands remotely, exploit requires crafted request.

Severity & Score

Severity: Critical
CVSS Score: 9.8
EPSS Score: 169.1%(Probability of exploitation in next 30 days)

Impact

Attackers can execute arbitrary commands remotely, potentially leading to full system compromise.

Mitigation

Update to the latest version or apply vendor patches addressing this issue.

References

Social Media Activity(1 post)

ZEN SecDB
ZEN SecDB
@secdb
Mar 9, 2026

📈 CVE Published in last 7 days (2026-03-02 - 2026-03-09) See more at https://secdb.nttzen.cloud/dashboard Total CVEs: 1428 Severity: - Critical: 187 - High: 549 - Medium: 456 - Low: 43 - None: 193 Status: - : 38 - Analyzed: 324 - Awaiting Analysis: 475 - Modified: 83 - Received: 445 - Rejected: 7 - Undergoing Analysis: 56 Top CNAs: - GitHub, Inc.: 283 - Patchstack: 271 - MITRE: 128 - VulnCheck: 107 - VulDB: 85 - Wordfence: 74 - Android (associated with Google Inc. or Open Handset Alliance): 57 - Cisco Systems, Inc.: 50 - N/A: 38 - Acronis International GmbH: 23 Top Affected Products: - UNKNOWN: 1003 - Google Android: 74 - Chamilo Lms: 25 - Dlink Dir-513 Firmware: 20 - Huawei Harmonyos: 18 - Qualcomm Qca6595au Firmware: 14 - Qualcomm Wcd9380 Firmware: 14 - Qualcomm Wcd9385 Firmware: 14 - Qualcomm Wsa8830 Firmware: 14 - Qualcomm Wsa8815 Firmware: 14 Top EPSS Score: - CVE-2026-2256 - 1.80 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2256) - CVE-2026-24105 - 1.29 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-24105) - CVE-2026-25070 - 1.03 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-25070) - CVE-2026-26478 - 0.86 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-26478) - CVE-2026-24101 - 0.86 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-24101) - CVE-2026-24107 - 0.86 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-24107) - CVE-2026-30227 - 0.80 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-30227) - CVE-2024-47886 - 0.75 % (https://secdb.nttzen.cloud/cve/detail/CVE-2024-47886) - CVE-2025-14675 - 0.68 % (https://secdb.nttzen.cloud/cve/detail/CVE-2025-14675) - CVE-2018-25181 - 0.57 % (https://secdb.nttzen.cloud/cve/detail/CVE-2018-25181)

View original post

Related Resources

Details

CVE ID
CVE-2026-24105
Severity
Critical
CVSS Score
9.8
Type
command_injection
Status
unconfirmed
EPSS
169.1%
Social Posts
1

CWE

  • CWE-94

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score

169.1%Probability of exploitation in the next 30 days