CVE-2026-8265 - Vulnerability Analysis

Overview

Tenda AC6 15.03.06.23 contains a command injection caused by manipulation of the "wans.flag" argument in /goform/getLogFile in httpd, letting remote attackers execute arbitrary OS commands.

Severity & Score

Impact

Remote attackers can execute arbitrary OS commands, potentially leading to full system compromise.

Mitigation

Update to the latest version.

References

• https://vuldb.com/vuln/362562/cti
• https://www.tenda.com.cn/
• https://github.com/dxz0069/WAVLINK-WN530H4-Command-Injection-in-set_add_routing/blob/main/Tenda%20AC6V2%20get_log_file%20Command%20Injection%20via%20wans.flag.md
• https://vuldb.com/submit/810076
• https://vuldb.com/vuln/362562

Related Resources

• Vulnerability Intelligence Dashboard
• Credential Scanner