CVE-2026-8265

CVSS v2.0

5.8

Medium

Vector

AV:N/AC:L/Au:M/C:P/I:P/A:P

A security vulnerability has been detected in Tenda AC6 15.03.06.23. Affected by this issue is the function get log file of the file /goform/getLogFile of the component httpd. The manipulation of the argument wans.flag leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used.

Exploit

Fix

OS Command Injection

Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-78CWE-77

Related Identifiers

CVE-2026-8265

Affected Products

Ac6

CVE-2026-8265

Weakness Enumeration

Related Identifiers

Affected Products

References · 6