CVE-2026-0581
Unknown Unknown - Not Provided
Remote Command Injection in Tenda AC1206 HTTPD Component

Publication date: 2026-01-05

Last updated on: 2026-04-29

Assigner: VulDB

Description
A vulnerability was determined in Tenda AC1206 15.03.06.23. Affected by this issue is the function formBehaviorManager of the file /goform/BehaviorManager of the component httpd. Executing a manipulation of the argument modulename/option/data/switch can lead to command injection. The attack can be launched remotely. The exploit has been publicly disclosed and may be utilized.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-05
Last Modified
2026-04-29
Generated
2026-06-16
AI Q&A
2026-01-05
EPSS Evaluated
2026-06-15
NVD
CVE-2026-0581
EUVD
EUVD-2026-0903
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
tenda ac1206 15.03.06.23
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-77 The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.
CWE-74 The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-0581 is a command injection vulnerability in the Tenda AC1206 router firmware version 15.03.06.23. It exists in the httpd service, specifically in the function formBehaviorManager at the /goform/BehaviorManager endpoint. The vulnerability arises because the parameters modulename, option, data, and switch are not properly sanitized before being used to construct system commands. This allows an attacker to remotely inject and execute arbitrary commands on the device by manipulating these parameters, compromising the device's security. [1, 2]

Impact Analysis

This vulnerability can allow a remote attacker to execute arbitrary commands on the affected Tenda AC1206 router without requiring physical or local access. This can lead to compromise of the device's confidentiality, integrity, and availability. An attacker could potentially take control of the router, disrupt network services, intercept or manipulate data, or use the device as a foothold for further attacks within the network. [1]

Detection Guidance

This vulnerability can be detected by monitoring requests to the /goform/BehaviorManager endpoint on the Tenda AC1206 router, specifically looking for suspicious or malformed parameters modulename, option, data, and switch that may contain command injection payloads. Since the vulnerability involves command injection via these parameters, you can use network traffic inspection tools like Wireshark or tcpdump to capture HTTP requests to this endpoint and analyze them for unusual input. Additionally, you can attempt to send controlled test requests with benign payloads to see if the device executes unintended commands. However, no specific detection commands are provided in the resources. [1, 2]

Mitigation Strategies

Immediate mitigation steps include replacing the affected Tenda AC1206 router with an alternative device, as no known countermeasures or patches currently exist. Since the vulnerability is remotely exploitable and involves command injection in the httpd service, disabling remote management or restricting access to the /goform/BehaviorManager endpoint may reduce exposure. Monitoring network traffic for exploitation attempts is also recommended. Ultimately, upgrading to a secure firmware version or switching to a different product is advised. [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-0581. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart