CRITICAL🇵🇱 Wersja polska

CVE-2026-24101

CVSS 9.8v3.1pub. 2026-03-02upd. 2026-03-03

An issue was discovered in goform/formSetIptv in Tenda AC15V1.0 V15.03.05.18_multi. When the condition is met, `s1_1` will be passed into sub_B0488, concatenated into `doSystemCmd`. The value of s1_1 is not validated, potentially leading to a command injection vulnerability.

🤖 AI Analysis
How it works

The vulnerability exists in the goform/formSetIptv function, where the `s1_1` parameter, when a specific condition is met, is passed to the sub_B0488 function and concatenated directly into a string executed as a system command by `doSystemCmd`. Since the `s1_1` parameter value is not verified or sanitized in any way, an attacker can inject arbitrary system commands through a crafted network request. The attack does not require authentication or user interaction.

Impact

An attacker gains the ability to remotely execute arbitrary code (RCE) with the privileges of the process handling the request, which may lead to complete takeover of the device, loss of confidentiality, integrity, and availability.

Mitigation & patch

Apply patches available from the manufacturer according to the references. It is recommended to check the Tenda manufacturer's website at the address indicated in the references and restrict access to the device's administrative panel exclusively from trusted networks or IP addresses until the patch is implemented.

Who is affected

Tenda AC15 V1.0 with software version V15.03.05.18_multi

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Tenda Ac15

    HW
    Tenda
    1.0
  • Tenda Ac15 Firmware

    OS
    Tenda
    15.03.05.18_multi
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Command Injection
CWE
References

Related vulnerabilities

CVE-2020-10987CRITICAL9.8⚠ KEVten sam produkt

The goform/setUsbUnload endpoint of Tenda AC15 AC1900 version 15.03.05.19 allows remote attackers to execute a...

CVE-2026-24103CRITICAL9.8PL ✓ten sam produkt

Buffer overflow w Tenda AC15 — podatność w goform/formSetMacFilterCfg

CVE-2026-24105CRITICAL9.8PL ✓ten sam produkt

Command injection w Tenda AC15 — brak walidacji parametru w formsetUsbUnload

CVE-2025-63666CRITICAL9.8PL ✓ten sam produkt

Tenda AC15: słaby mechanizm cookie sesji ujawniający hash hasła

CVE-2025-29462CRITICAL9.8PL ✓ten sam produkt

Buffer overflow w Tenda AC15 — przepełnienie stosu przez HTTP