CVE-2026-8264 | Tenda AC6 15.03.06.23 httpd /goform/WifiApScan formWifiApScan wl2g.public.country/wl5g.public.country os command injection

May 10, 2026 Yanac

A vulnerability, which was classified as critical, was found in Tenda AC6 15.03.06.23. Affected by this vulnerability is the function formWifiApScan of the file /goform/WifiApScan of the component httpd. Executing a manipulation of the argument wl2g.public.country/wl5g.public.country can lead to os command injection.

This vulnerability is registered as CVE-2026-8264. It is possible to launch the attack remotely. Furthermore, an exploit is available.VulDB Recent EntriesRead More