Sign-up

ID

VAR-202603-2191


CVE

CVE-2026-4253


DESCRIPTION

A security flaw has been discovered in Tenda AC8 16.03.50.11. This affects the function route_set_user_policy_rule of the file /cgi-bin/UploadCfg of the component Web Interface. The manipulation of the argument wans.policy.list1 results in os command injection. It is possible to launch the attack remotely. The exploit has been released to the public and may be used for attacks.

Trust: 1.0

sources: NVD: CVE-2026-4253

AFFECTED PRODUCTS

vendor:tendamodel:ac8scope:eqversion:16.03.50.11

Trust: 1.0

sources: NVD: CVE-2026-4253

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com: CVE-2026-4253
value: LOW

Trust: 1.0

nvd@nist.gov: CVE-2026-4253
value: HIGH

Trust: 1.0

cna@vuldb.com: CVE-2026-4253
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:L/AU:M/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: MULTIPLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 6.4
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

cna@vuldb.com: CVE-2026-4253
baseSeverity: MEDIUM
baseScore: 4.7
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: 1.2
impactScore: 3.4
version: 3.1

Trust: 1.0

nvd@nist.gov: CVE-2026-4253
baseSeverity: HIGH
baseScore: 7.2
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.2
impactScore: 5.9
version: 3.1

Trust: 1.0

sources: NVD: CVE-2026-4253 // NVD: CVE-2026-4253

PROBLEMTYPE DATA

problemtype:CWE-78

Trust: 1.0

problemtype:CWE-77

Trust: 1.0

sources: NVD: CVE-2026-4253

EXTERNAL IDS

db:VULDBid:351211

Trust: 1.0

db:NVDid:CVE-2026-4253

Trust: 1.0

sources: NVD: CVE-2026-4253

REFERENCES

url:https://vuldb.com/?submit.771771

Trust: 1.0

url:https://github.com/digitalandrew/tenda_ac8_v5/blob/main/poc_cmdi_config_upload.py

Trust: 1.0

url:https://vuldb.com/?id.351211

Trust: 1.0

url:https://www.tenda.com.cn/

Trust: 1.0

url:https://vuldb.com/?ctiid.351211

Trust: 1.0

sources: NVD: CVE-2026-4253

SOURCES

db:NVDid:CVE-2026-4253

LAST UPDATE DATE

2026-03-20T23:20:12.259000+00:00


SOURCES UPDATE DATE

db:NVDid:CVE-2026-4253date:2026-03-20T12:55:36.280

SOURCES RELEASE DATE

db:NVDid:CVE-2026-4253date:2026-03-16T18:16:10.540