Details of VAR-202603-1468

ID

VAR-202603-1468

CVE

CVE-2026-24105

TITLE

Shenzhen Tenda Technology Co.,Ltd. of AC15 Code injection vulnerability in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2026-006279

DESCRIPTION

An issue was discovered in goform/formsetUsbUnload in Tenda AC15V1.0 V15.03.05.18_multi. The value of `v1` was not checked, potentially leading to a command injection vulnerability if injected into doSystemCmd. All information handled by the software may be rewritten. Furthermore, the software may stop working completely. Furthermore, attacks that exploit this vulnerability will not affect other software

Trust: 1.62

sources: NVD: CVE-2026-24105 // JVNDB: JVNDB-2026-006279

AFFECTED PRODUCTS

vendor:	tenda	model:	ac15	scope:	eq	version:	15.03.05.18	Trust: 1.0
vendor:	tenda	model:	ac15	scope:	eq	version:	-	Trust: 0.8
vendor:	tenda	model:	ac15	scope:	-	version:	-	Trust: 0.8
vendor:	tenda	model:	ac15	scope:	eq	version:	ac15 firmware 15.03.05.18	Trust: 0.8

sources: JVNDB: JVNDB-2026-006279 // NVD: CVE-2026-24105

CVSS

SEVERITY

CVSSV2

CVSSV3

134c704f-9b21-4f2e-91b3-4a467353bcc0:	CVE-2026-24105
value:	CRITICAL
Trust: 1.0
OTHER:	JVNDB-2026-006279
value:	CRITICAL
Trust: 0.8

134c704f-9b21-4f2e-91b3-4a467353bcc0:	CVE-2026-24105
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.1
Trust: 1.0
OTHER:	JVNDB-2026-006279
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2026-006279 // NVD: CVE-2026-24105

PROBLEMTYPE DATA

problemtype:	CWE-94	Trust: 1.0
problemtype:	Code injection (CWE-94) [ others ]	Trust: 0.8

sources: JVNDB: JVNDB-2026-006279 // NVD: CVE-2026-24105

PATCH

title:

CVEreport/D-link/CVE-2026-24105 at main akuma-QAQ/CVEreport GitHub

url:

https://github.com/akuma-QAQ/CVEreport/tree/main/D-link/CVE-2026-24105

Trust: 0.8

sources: JVNDB: JVNDB-2026-006279

EXTERNAL IDS

db:	NVD	id:	CVE-2026-24105	Trust: 2.6
db:	JVNDB	id:	JVNDB-2026-006279	Trust: 0.8

sources: JVNDB: JVNDB-2026-006279 // NVD: CVE-2026-24105

REFERENCES

url:	https://www.tenda.com.cn/material/show/2710	Trust: 1.8
url:	https://github.com/akuma-qaq/cvereport/tree/main/d-link/cve-2026-24105	Trust: 1.0
url:	https://nvd.nist.gov/vuln/detail/cve-2026-24105	Trust: 0.8

sources: JVNDB: JVNDB-2026-006279 // NVD: CVE-2026-24105

SOURCES

db:	JVNDB	id:	JVNDB-2026-006279
db:	NVD	id:	CVE-2026-24105

LAST UPDATE DATE

2026-03-14T23:22:33.044000+00:00

SOURCES UPDATE DATE

db:	JVNDB	id:	JVNDB-2026-006279	date:	2026-03-09T03:06:00
db:	NVD	id:	CVE-2026-24105	date:	2026-03-06T21:05:36.243

SOURCES RELEASE DATE

db:	JVNDB	id:	JVNDB-2026-006279	date:	2026-03-09T00:00:00
db:	NVD	id:	CVE-2026-24105	date:	2026-03-02T17:16:32.793