CRITICAL🇵🇱 Wersja polska

CVE-2026-24105

CVSS 9.8v3.1pub. 2026-03-02upd. 2026-03-06

An issue was discovered in goform/formsetUsbUnload in Tenda AC15V1.0 V15.03.05.18_multi. The value of `v1` was not checked, potentially leading to a command injection vulnerability if injected into doSystemCmd.

🤖 AI Analysis
How it works

In handling requests directed to the goform/formsetUsbUnload endpoint, the value of the `v1` parameter is not validated or sanitized in any way. If untrusted data from this parameter is passed to the doSystemCmd function, an attacker can inject arbitrary system commands that will be executed in the context of the device. The attack can be performed remotely, without authentication, with low complexity.

Impact

An attacker can gain full control over the device, including reading and modifying its configuration, intercepting network traffic, and permanently disrupting the router's availability. It is also possible to use the compromised device as an entry point to the local network.

Mitigation & patch

Patches available from the manufacturer should be applied according to references (https://www.tenda.com.cn/material/show/2710). Until the update is implemented, it is recommended to restrict access to the router's administrative panel only to trusted hosts on the local network and block access to the management interface from the WAN side.

Who is affected

Tenda AC15 V1.0 with firmware version V15.03.05.18_multi

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Tenda Ac15

    HW
    Tenda
    1.0
  • Tenda Ac15 Firmware

    OS
    Tenda
    15.03.05.18
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2020-10987CRITICAL9.8⚠ KEVten sam produkt

The goform/setUsbUnload endpoint of Tenda AC15 AC1900 version 15.03.05.19 allows remote attackers to execute a...

CVE-2026-24103CRITICAL9.8PL ✓ten sam produkt

Buffer overflow w Tenda AC15 — podatność w goform/formSetMacFilterCfg

CVE-2026-24101CRITICAL9.8PL ✓ten sam produkt

Command injection w Tenda AC15 — brak walidacji parametru formSetIptv

CVE-2025-63666CRITICAL9.8PL ✓ten sam produkt

Tenda AC15: słaby mechanizm cookie sesji ujawniający hash hasła

CVE-2025-29462CRITICAL9.8PL ✓ten sam produkt

Buffer overflow w Tenda AC15 — przepełnienie stosu przez HTTP