CVE-2026-1638

Name of the Vulnerable Software and Affected Versions Tenda AC21 versions 1.1.1.1/1.dmzip/16.03.08.16

Description A security flaw exists in the Tenda AC21 router. The issue is related to command injection within the mDMZSetCfg function, located in the /goform/mDMZSetCfg file. Manipulation of the dmzIp argument can lead to remote code execution. The exploit for this issue has been publicly released and may be used in attacks.

Recommendations Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting access to the /goform/mDMZSetCfg file.