CVE-2026-4554
Received Received - Intake
Remote Command Injection in Tenda F453 FormWriteFacMac Function

Publication date: 2026-03-22

Last updated on: 2026-04-29

Assigner: VulDB

Description
A security flaw has been discovered in Tenda F453 1.0.0.3. The affected element is the function FormWriteFacMac of the file /goform/WriteFacMac. The manipulation of the argument mac results in command injection. It is possible to launch the attack remotely. The exploit has been released to the public and may be used for attacks.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-22
Last Modified
2026-04-29
Generated
2026-06-16
AI Q&A
2026-03-22
EPSS Evaluated
2026-06-15
NVD
CVE-2026-4554
EUVD
EUVD-2026-14327
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
tenda f453_firmware 1.0.0.3
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-77 The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.
CWE-74 The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.
CWE-78 The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

[{'type': 'paragraph', 'content': "CVE-2026-4554 is a command injection vulnerability in the Tenda F453 router, version 1.0.0.3. It exists in the function FormWriteFacMac within the /goform/WriteFacMac endpoint. The vulnerability occurs because the 'mac' parameter is directly inserted into a system command without proper sanitization, allowing an attacker to remotely execute arbitrary operating system commands by sending a specially crafted HTTP POST request."}, {'type': 'paragraph', 'content': 'A proof of concept shows that by setting the \'mac\' parameter to a malicious value like `;echo "this is a vul";`, the router executes the injected command, demonstrating remote code execution capability.'}] [1]

Impact Analysis

This vulnerability allows remote attackers to execute arbitrary commands on the affected Tenda F453 router. This can lead to full compromise of the device, enabling attackers to control the router, intercept or manipulate network traffic, disrupt network services, or use the device as a foothold for further attacks within the network.

Compliance Impact

I don't know

Detection Guidance

[{'type': 'paragraph', 'content': 'This vulnerability can be detected by sending a crafted HTTP POST request to the endpoint /goform/WriteFacMac with a malicious "mac" parameter and observing if the command injection occurs.'}, {'type': 'paragraph', 'content': 'For example, a test can be performed by sending a POST request with the "mac" parameter set to a command injection payload such as `;echo "this is a vul";`.'}, {'type': 'paragraph', 'content': 'A sample command using curl to test this would be:'}, {'type': 'list_item', 'content': 'curl -X POST http://[router_ip]/goform/WriteFacMac -d "mac=;echo \'this is a vul\';"'}, {'type': 'paragraph', 'content': 'If the response or router behavior indicates execution of the injected command, the device is vulnerable.'}] [1]

Mitigation Strategies

[{'type': 'paragraph', 'content': "Immediate mitigation steps include restricting access to the affected router's management interface to trusted networks only, such as local network or VPN."}, {'type': 'paragraph', 'content': "Avoid exposing the router's HTTP management interface to the internet to prevent remote exploitation."}, {'type': 'paragraph', 'content': 'Monitor network traffic for suspicious POST requests to /goform/WriteFacMac with unusual "mac" parameter values.'}, {'type': 'paragraph', 'content': 'Check for and apply any available firmware updates from Tenda that address this vulnerability.'}] [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-4554. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart