Multiple Tenda devices are affected by authentication bypass, such as AC15V1.0 Firmware V15.03.05.20_multi?AC5V1.0 Firmware V15.03.06.48_multi and so on. an attacker can obtain sensitive information, and even combine it with authenticated command injection to implement RCE.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HTenda Ac15
HWTenda1.0Tenda Ac15 Firmware
OSTenda15.03.05.20_multiTenda Ac5
HWTenda1.0Tenda Ac5 Firmware
OSTenda15.03.06.48_multi
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Auth Bypass
CWE
Related vulnerabilities
CVE-2020-10987CRITICAL9.8⚠ KEVten sam produkt
The goform/setUsbUnload endpoint of Tenda AC15 AC1900 version 15.03.05.19 allows remote attackers to execute a...
CVE-2026-24103CRITICAL9.8PL ✓ten sam produkt
Buffer overflow w Tenda AC15 — podatność w goform/formSetMacFilterCfg
CVE-2026-24105CRITICAL9.8PL ✓ten sam produkt
Command injection w Tenda AC15 — brak walidacji parametru w formsetUsbUnload
CVE-2026-24101CRITICAL9.8PL ✓ten sam produkt
Command injection w Tenda AC15 — brak walidacji parametru formSetIptv
CVE-2025-63666CRITICAL9.8PL ✓ten sam produkt
Tenda AC15: słaby mechanizm cookie sesji ujawniający hash hasła