CVE-2026-7102
Received Received - Intake
Remote Command Injection in Tenda F456 httpd Component

Publication date: 2026-04-27

Last updated on: 2026-04-29

Assigner: VulDB

Description
A vulnerability was found in Tenda F456 1.0.0.5. This impacts the function FromWriteFacMac of the file /goform/WriteFacMac of the component httpd. The manipulation of the argument mac results in command injection. The attack can be executed remotely. The exploit has been made public and could be used.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-27
Last Modified
2026-04-29
Generated
2026-06-16
AI Q&A
2026-04-27
EPSS Evaluated
2026-06-14
NVD
CVE-2026-7102
EUVD
EUVD-2026-25802
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
tenda f456_firmware 1.0.0.5
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-77 The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.
CWE-74 The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-7102 is a command injection vulnerability found in the Tenda F456 router, version 1.0.0.5. It exists in the httpd service, specifically in the FormWriteFacMac function. The vulnerability occurs because the "mac" parameter from an HTTP POST request is directly inserted into a system command without proper sanitization.

This allows a remote attacker to craft a malicious request that injects arbitrary operating system commands. When the router processes this request at the endpoint /goform/WriteFacMac, it executes the injected commands on the underlying operating system.

A proof of concept shows that by setting the "mac" parameter to a command like `;echo "this is a command injection fault";`, the router executes this command, confirming the vulnerability.

Impact Analysis

This vulnerability allows remote attackers to execute arbitrary operating system commands on the affected router without authentication.

  • Attackers can gain unauthorized control over the device.
  • They may manipulate router settings, intercept or redirect network traffic, or use the device as a foothold for further attacks within the network.
  • This can lead to system compromise, data breaches, and disruption of network services.
Detection Guidance

This vulnerability can be detected by sending a crafted POST request to the vulnerable router's endpoint /goform/WriteFacMac with a specially crafted "mac" parameter that attempts command injection.

For example, sending a POST request with the "mac" parameter set to a command injection payload such as `;echo "this is a command injection fault";` can confirm the vulnerability if the router executes the injected command.

A sample command using curl to test this would be:

  • curl -X POST http://[router_ip]/goform/WriteFacMac -d "mac=;echo 'this is a command injection fault';"

If the response or router behavior indicates execution of the injected command, the vulnerability is present.

Compliance Impact

The vulnerability allows remote attackers to execute arbitrary operating system commands on the affected Tenda F456 router, potentially leading to unauthorized system compromise.

Such unauthorized access and control over the device could result in exposure or manipulation of sensitive data, which may impact compliance with data protection regulations like GDPR and HIPAA that require safeguarding personal and health information.

However, the provided information does not explicitly detail the direct effects on compliance with these standards.

Mitigation Strategies

To mitigate the CVE-2026-7102 vulnerability, immediate steps include restricting remote access to the affected Tenda F456 router, especially to the /goform/WriteFacMac endpoint, to prevent exploitation of the command injection flaw.

Additionally, monitor network traffic for suspicious POST requests containing unusual 'mac' parameter values that could indicate exploitation attempts.

If possible, apply any available firmware updates or patches from the vendor that address this vulnerability.

As a temporary measure, consider disabling the vulnerable httpd service or restricting its functionality until a fix is applied.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-7102. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart