PT-2026-39552 · Tenda · Ac6 2.0

St4R

·

Published

2026-05-10

·

Updated

2026-05-11

·

CVE-2026-8259

CVSS v2.0

9.0

High

VectorAV:N/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions Tenda AC6 2.0 version 15.03.06.23
Description An OS command injection issue exists in the httpd component within the '/goform/telnet' file. This occurs when the lan.ip argument is manipulated, allowing for remote exploitation.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

OS Command Injection

Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

BDU:2026-06626
CVE-2026-8259

Affected Products

Ac6 2.0