CVE-2026-8265
Analyzed Analyzed - Analysis Complete
OS Command Injection in Tenda AC6 Router

Publication date: 2026-05-11

Last updated on: 2026-05-11

Assigner: VulDB

Description
A security vulnerability has been detected in Tenda AC6 15.03.06.23. Affected by this issue is the function get_log_file of the file /goform/getLogFile of the component httpd. The manipulation of the argument wans.flag leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-11
Last Modified
2026-05-11
Generated
2026-06-20
AI Q&A
2026-05-11
EPSS Evaluated
2026-06-19
NVD
CVE-2026-8265
EUVD
EUVD-2026-29022
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
tenda ac6_firmware 15.03.06.23
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-78 The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
CWE-77 The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-8265 is an OS command injection vulnerability found in the Tenda AC6 V2.0 router firmware version 15.03.06.23. It exists in the get_log_file function of the /bin/httpd component, specifically related to the handling of the "wans.flag" parameter.

The vulnerability occurs because the "wans.flag" parameter is read and directly inserted into a system command without proper input validation. This allows an attacker to inject arbitrary shell commands by escaping the intended command context.

An attacker can exploit this remotely by sending a specially crafted POST request to the /goform/getLogFile endpoint with malicious input in the "wans.flag" parameter, leading to execution of arbitrary commands on the device.

Impact Analysis

This vulnerability can allow a remote attacker to execute arbitrary operating system commands on the affected Tenda AC6 router. This could lead to unauthorized control over the device.

Potential impacts include disruption of network services, unauthorized access to sensitive information, modification or deletion of data, and using the compromised device as a foothold for further attacks within the network.

Detection Guidance

This vulnerability can be detected by sending a specially crafted POST request to the /goform/getLogFile endpoint of the Tenda AC6 router and observing if arbitrary commands are executed.

For example, sending a POST request with the payload wans.flag=";id;" can test if the device executes the 'id' command, indicating the presence of the OS command injection vulnerability.

A sample command using curl to test this would be:

  • curl -X POST http://<router-ip>/goform/getLogFile -d 'wans.flag=";id;"'

If the response contains output from the 'id' command or other unexpected command execution results, the vulnerability is present.

Compliance Impact

The provided information does not specify how this vulnerability impacts compliance with common standards and regulations such as GDPR or HIPAA.

Mitigation Strategies

To mitigate the CVE-2026-8265 vulnerability, immediate steps include restricting remote access to the affected Tenda AC6 router, especially to the /goform/getLogFile endpoint.

Ensure that only trusted users with appropriate privileges can access the device management interface, as the vulnerability requires high privileges (PR:H).

Monitor network traffic for suspicious POST requests targeting the wans.flag parameter to detect potential exploitation attempts.

Check for and apply any available firmware updates or patches from the vendor that address this command injection vulnerability.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-8265. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart