ГлавнаяУязвимости → CVE-2026-11556
8.8высокая

CVE-2026-11556

Описание

A security flaw has been discovered in Tenda F451 1.0.0.7/1.0.0.9. Impacted is the function formWriteFacMac of the file /goform/WriteFacMac of the component Web Management Interface. Performing a manipulation of the argument mac results in os command injection. Remote exploitation of the attack is possible. The exploit has been released to the public and may be used for attacks.

CVSS
Балл8.8 — высокая
ВекторCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Источники
https://github.com/Robots10/IoT_vlu/blob/main/reports/Tenda/formWriteFacMac2/formWriteFacMac.mdhttps://vuldb.com/cve/CVE-2026-11556https://vuldb.com/submit/836476https://vuldb.com/vuln/369166https://vuldb.com/vuln/369166/ctihttps://www.tenda.com.cn/