ID

VAR-202604-3463


CVE

CVE-2026-31255


TITLE

Command injection vulnerability in Shenzhen Tenda Technology Co., Ltd. AC18 firmware

Trust: 0.8

sources: JVNDB: JVNDB-2026-013426

DESCRIPTION

A command injection vulnerability exists in Tenda AC18 V15.03.05.05_multi. The vulnerability is located in the /goform/SetSambaCfg interface, where improper handling of the guestuser parameter allows attackers to execute arbitrary system commands. All information handled by the software may be rewritten, and the software may stop working completely. Attacks that exploit this vulnerability will not affect other software.

Trust: 1.62

sources: NVD: CVE-2026-31255 // JVNDB: JVNDB-2026-013426

AFFECTED PRODUCTS

vendor: tenda, model: ac18, scope: eq, version: 15.03.05.05

Trust: 1.0

vendor: tenda, model: ac18, scope: eq, version: ac18 firmware 15.03.05.05

Trust: 0.8

vendor: tenda, model: ac18, scope: -, version: -

Trust: 0.8

vendor: tenda, model: ac18, scope: eq, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2026-013426 // NVD: CVE-2026-31255

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2026-31255
value: CRITICAL

Trust: 1.0

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2026-31255
value: MEDIUM

Trust: 1.0

NVD: CVE-2026-31255
value: CRITICAL

Trust: 0.8

nvd@nist.gov: CVE-2026-31255
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2026-31255
baseSeverity: MEDIUM
baseScore: 5.4
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 2.5
version: 3.1

Trust: 1.0

NVD: CVE-2026-31255
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2026-013426 // NVD: CVE-2026-31255 // NVD: CVE-2026-31255

PROBLEMTYPE DATA

problemtype: CWE-77

Trust: 1.0

problemtype: Command injection (CWE-77) [others]

Trust: 0.8

problemtype: Command injection (CWE-77) [NVD evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2026-013426 // NVD: CVE-2026-31255

PATCH

title: CVE_REQUESTS_references/Tenda_AC18/Tenda_AC18_3th/README.md at main, izxnfirh8148/CVE_REQUESTS_references, GitHub
url: https://github.com/izxnfirh8148/CVE_REQUESTS_references/blob/main/Tenda_AC18/Tenda_AC18_3th/README.md

Trust: 0.8

sources: JVNDB: JVNDB-2026-013426

EXTERNAL IDS

db: NVD, id: CVE-2026-31255

Trust: 2.6

db: JVNDB, id: JVNDB-2026-013426

Trust: 0.8

sources: JVNDB: JVNDB-2026-013426 // NVD: CVE-2026-31255

REFERENCES

url: https://github.com/izxnfirh8148/cve_requests_references/blob/main/tenda_ac18/tenda_ac18_3th/readme.md

Trust: 1.0

url: https://nvd.nist.gov/vuln/detail/cve-2026-31255

Trust: 0.8

sources: JVNDB: JVNDB-2026-013426 // NVD: CVE-2026-31255

SOURCES

db: JVNDB, id: JVNDB-2026-013426
db: NVD, id: CVE-2026-31255

LAST UPDATE DATE

2026-06-19T23:48:54.324000+00:00


SOURCES UPDATE DATE

db: JVNDB, id: JVNDB-2026-013426, date: 2026-04-30T03:16:00
db: NVD, id: CVE-2026-31255, date: 2026-04-28T15:16:28.360

SOURCES RELEASE DATE

db: JVNDB, id: JVNDB-2026-013426, date: 2026-04-30T00:00:00
db: NVD, id: CVE-2026-31255, date: 2026-04-27T19:16:47.060