GHSA-f7fp-jm38-ghwwMediumCVSS 6.5

An unauthenticated command injection vulnerability in the /goform/fast_setting_internet_set...

Published
July 1, 2026
Last Modified
July 1, 2026

🔗 CVE IDs covered (1)

📋 Description

An unauthenticated command injection vulnerability in the /goform/fast_setting_internet_set endpoint of Tenda AC18 v15.03.05.05 allows attackers to execute arbitrary commands via a crafted payload injected into the mac parameter.

🔗 References (3)