CVE-2026-4253

CVSS v2.0

5.8

Vector

AV:N/AC:L/Au:M/C:P/I:P/A:P

A security flaw has been discovered in Tenda AC8 16.03.50.11. This affects the function route set user policy rule of the file /cgi-bin/UploadCfg of the component Web Interface. The manipulation of the argument wans.policy.list1 results in os command injection. It is possible to launch the attack remotely. The exploit has been released to the public and may be used for attacks.

Exploit

Fix

OS Command Injection

Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-78CWE-77

Related Identifiers

CVE-2026-4253

Affected Products

Ac8

CVE-2026-4253

Weakness Enumeration

Related Identifiers

Affected Products

References · 6