Enviar #809877: Tenda AC6 V2.0 (AC1206) Firmware V15.03.06.23 Command Injectioninformación

Título	Tenda AC6 V2.0 (AC1206) Firmware V15.03.06.23 Command Injection
Descripción	An OS command injection vulnerability exists in the TendaTelnet function (0x45b860) of /bin/httpd in Tenda AC6 V2.0 firmware V15.03.06.23. The function reads the "lan.ip" parameter via websGetVar() and formats it into "telnetd -b %s &" via doSystemCmd(), which calls system(). No input sanitization is performed. No formal CVE number exists for this vulnerability. Only an informal GitHub PoC (cecada/Tenda-AC6-Root-Access) references this issue.
Fuente	⚠️ https://github.com/dxz0069/WAVLINK-WN530H4-Command-Injection-in-set_add_routing/blob/main/Tenda%20AC6V2%20TendaTelnet%20Command%20Injection.md
Usuario	ST4R (UID 96634)
Sumisión	2026-04-22 09:47 (hace 1 mes)
Moderación	2026-05-10 17:08 (18 days later)
Estado	Aceptado
Entrada de VulDB	362556 [Tenda AC6 2.0/15.03.06.23 httpd /goform/telnet lan.ip escalada de privilegios]
Puntos	20

Do you want to use VulDB in your project?

Use the official API to access entries easily!