CVE-2026-4253 | Tenda AC8 16.03.50.11 Web Interface /cgi-bin/UploadCfg route_set_user_policy_rule wans.policy.list1 os command injection

Inserito da Angelo Barbosa | Mar 16, 2026 | CVE

A vulnerability was found in Tenda AC8 16.03.50.11. It has been declared as critical. This affects the function route_set_user_policy_rule of the file /cgi-bin/UploadCfg of the component Web Interface. The manipulation of the argument wans.policy.list1 results in os command injection.

This vulnerability is known as CVE-2026-4253. It is possible to launch the attack remotely. Furthermore, an exploit is available.

CVE-2026-4253 | Tenda AC8 16.03.50.11 Web Interface /cgi-bin/UploadCfg route_set_user_policy_rule wans.policy.list1 os command injection

Post correlati

CVE-2024-32954 | Tribulant Newsletters Plugin up to 4.9.5 on WordPress unrestricted upload

CVE-2023-45866 | BlueZ Bluetooth HID Host injection

CVE-2024-41240 | Kashipara Responsive School Management System 3.2.0 /smsa/teacher_login.php error cross site scripting

CVE-2024-13315 | Shopwarden Plugin up to 1.0.11 on WordPress save_setting cross-site request forgery