CVE-2026-4554
Remote Command Injection in Tenda F453 FormWriteFacMac Function
Publication date: 2026-03-22
Last updated on: 2026-04-29
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| tenda | f453_firmware | 1.0.0.3 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-77 | The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component. |
| CWE-78 | The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component. |
| CWE-74 | The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
[{'type': 'paragraph', 'content': "CVE-2026-4554 is a command injection vulnerability in the Tenda F453 router, version 1.0.0.3. It exists in the function FormWriteFacMac within the /goform/WriteFacMac endpoint. The vulnerability occurs because the 'mac' parameter is directly inserted into a system command without proper sanitization, allowing an attacker to remotely execute arbitrary operating system commands by sending a specially crafted HTTP POST request."}, {'type': 'paragraph', 'content': 'A proof of concept shows that by setting the \'mac\' parameter to a malicious value like `;echo "this is a vul";`, the router executes the injected command, demonstrating remote code execution capability.'}] [1]
How can this vulnerability impact me? :
This vulnerability allows remote attackers to execute arbitrary commands on the affected Tenda F453 router. This can lead to full compromise of the device, enabling attackers to control the router, intercept or manipulate network traffic, disrupt network services, or use the device as a foothold for further attacks within the network.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
[{'type': 'paragraph', 'content': 'This vulnerability can be detected by sending a crafted HTTP POST request to the endpoint /goform/WriteFacMac with a malicious "mac" parameter and observing if the command injection occurs.'}, {'type': 'paragraph', 'content': 'For example, a test can be performed by sending a POST request with the "mac" parameter set to a command injection payload such as `;echo "this is a vul";`.'}, {'type': 'paragraph', 'content': 'A sample command using curl to test this would be:'}, {'type': 'list_item', 'content': 'curl -X POST http://[router_ip]/goform/WriteFacMac -d "mac=;echo \'this is a vul\';"'}, {'type': 'paragraph', 'content': 'If the response or router behavior indicates execution of the injected command, the device is vulnerable.'}] [1]
What immediate steps should I take to mitigate this vulnerability?
[{'type': 'paragraph', 'content': "Immediate mitigation steps include restricting access to the affected router's management interface to trusted networks only, such as local network or VPN."}, {'type': 'paragraph', 'content': "Avoid exposing the router's HTTP management interface to the internet to prevent remote exploitation."}, {'type': 'paragraph', 'content': 'Monitor network traffic for suspicious POST requests to /goform/WriteFacMac with unusual "mac" parameter values.'}, {'type': 'paragraph', 'content': 'Check for and apply any available firmware updates from Tenda that address this vulnerability.'}] [1]