PT-2026-35160 · Tenda · F453

Alc9700

Published

2026-04-25

Updated

2026-04-26

CVE-2026-6989

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Tenda F453 versions prior to 1.0.0.4

Description A command injection issue exists in the Telnet Service component. A remote attacker can manipulate the TendaTelnet() function within the '/goform/telnet' endpoint to execute arbitrary commands, potentially gaining full control of the device. This issue is currently under active exploitation.

Recommendations Update to a version newer than 1.0.0.3. As a temporary workaround, restrict access to the '/goform/telnet' endpoint or disable the Telnet Service to minimize the risk of exploitation.

Exploit

Fix

Command Injection

Special Elements Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-77CWE-74

Related Identifiers

CVE-2026-6989

Affected Products

F453

PT-2026-35160 · Tenda · F453

CVE-2026-6989

Weakness Enumeration

Related Identifiers

Affected Products

References · 8