All intelligence
// vulnerability record
cached · NVD via COSMOS syncCVE-2026-38142
MEDIUMpublished 2026-07-01 19:16 UTC · 3 days ago · modified 2026-07-02 18:42 UTC
6.5
CVSS / 10
// description
An unauthenticated command injection vulnerability in the /goform/fast_setting_internet_set endpoint of Tenda AC18 v15.03.05.05 allows attackers to execute arbitrary commands via a crafted payload injected into the mac parameter.
// weaknesses (CWE)
- CWE-77