CVE-2026-11556
Deferred Deferred - Pending Action

Command Injection in Tenda F451 Web Management Interface

Publication date: 2026-06-08

Last updated on: 2026-06-08

Assigner: VulDB

Description
A security flaw has been discovered in Tenda F451 1.0.0.7/1.0.0.9. Impacted is the function formWriteFacMac of the file /goform/WriteFacMac of the component Web Management Interface. Performing a manipulation of the argument mac results in os command injection. Remote exploitation of the attack is possible. The exploit has been released to the public and may be used for attacks.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-06-08
Last Modified
2026-06-08
Generated
2026-06-29
AI Q&A
2026-06-08
EPSS Evaluated
2026-06-27
NVD
CVE-2026-11556
EUVD
EUVD-2026-35179

Affected Vendors & Products

Showing 3 associated CPEs
Vendor Product Version / Range
tenda f451 to 1.0.0.9 (inc)
tenda f451 1.0.0.7
tenda f451 1.0.0.9

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-77 The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.
CWE-78 The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

CVE-2026-11556 is a security vulnerability in the Tenda F451 router's web management interface, specifically in the formWriteFacMac function of the /goform/WriteFacMac endpoint.

The flaw is an OS command injection vulnerability caused by improper sanitization of the mac parameter. An attacker can send a specially crafted HTTP POST request that injects shell commands into this parameter.

This allows remote code execution (RCE) with root privileges on the device, potentially compromising the entire system.

Impact Analysis

Exploitation of this vulnerability allows an attacker to execute arbitrary commands on the affected Tenda F451 router with root privileges.

This can lead to full system compromise, including unauthorized access, control over network traffic, data theft, or disruption of network services.

Since the exploit is publicly available, the risk of attacks is increased.

Detection Guidance

This vulnerability can be detected by sending a crafted HTTP POST request to the /goform/WriteFacMac endpoint of the Tenda F451 router's web management interface. The request should include a malicious payload in the mac parameter to test for OS command injection.

For example, a command to test the vulnerability could be constructed to inject shell commands such as "ls" to verify if remote code execution is possible.

  • Use curl or a similar tool to send a POST request with a payload like: curl -X POST http://<target-ip>/goform/WriteFacMac -d "mac=00:11:22:33:44:55;ls"
  • Observe the response or behavior of the device to determine if the injected command executed, indicating the presence of the vulnerability.
Mitigation Strategies

Immediate mitigation steps include restricting access to the web management interface of the Tenda F451 router to trusted networks or IP addresses only.

Avoid exposing the device's management interface to the internet or untrusted networks to reduce the risk of remote exploitation.

Monitor for unusual activity or unexpected commands being executed on the device, which may indicate exploitation attempts.

Apply any available firmware updates or patches from the vendor that address this vulnerability once they are released.

Compliance Impact

The provided information does not specify how the CVE-2026-11556 vulnerability affects compliance with common standards and regulations such as GDPR or HIPAA.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-11556. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart