CVE-2026-1638 | Tenda AC21 1.1.1.1/1.dmzip/16.03.08.16 /goform/mDMZSetCfg dmzIp command injection

Inserito da Angelo Barbosa | Gen 29, 2026 | CVE

A vulnerability labeled as critical has been found in Tenda AC21 1.1.1.1/1.dmzip/16.03.08.16. The impacted element is the function mDMZSetCfg of the file /goform/mDMZSetCfg. The manipulation of the argument dmzIp results in command injection.

This vulnerability is identified as CVE-2026-1638. The attack can be executed remotely. Additionally, an exploit exists.

CVE-2026-1638 | Tenda AC21 1.1.1.1/1.dmzip/16.03.08.16 /goform/mDMZSetCfg dmzIp command injection

Post correlati

CVE-2023-41826 | Motorola Device Help App prior 2023-12-01 implicit intent

CVE-2024-57888 | Linux Kernel up to 6.12.8 cancel_delayed_work_sync Privilege Escalation

CVE-2025-31413 | bdthemes Element Pack Elementor Addons Plugin up to 8.3.13 on WordPress cross-site request forgery

CVE-2024-0771 | Nsasoft Product Key Explorer 4.0.9 Registration Name/Key memory corruption