CVE-2026-6989
⚪ Do wiadomości
Wstrzyknięcie poleceń w Tenda F453 umożliwia zdalne wykonanie kodu.
CVSS
6.3
EPSS
0.2%
Exploit
poc
Vendor
tenda
Opis źródłowy (NVD)
A vulnerability has been found in Tenda F453 up to 1.0.0.3. Impacted is the function TendaTelnet of the file /goform/telnet of the component Telnet Service. Such manipulation leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
exploit rce
Brak patcha
Źródła i daty
| Źródło | Wartość |
|---|---|
| NVD – CVSS | 6.3 |
| CISA KEV (aktywnie wykorzystywane) | Nie |
| FIRST EPSS (prawdopodobieństwo exploita) | 0.2% |
| Opublikowano (NVD) | 2026-04-25 18:16:18 UTC |
| Ostatnia modyfikacja (NVD) | 2026-04-30 14:10:06 UTC |
Referencje
- https://github.com/alc9700jmo/CVE/issues/24 (cna@vuldb.com) [Exploit, Third Party Advisory, Issue Tracking]
- https://vuldb.com/submit/796560 (cna@vuldb.com) [Third Party Advisory, VDB Entry]
- https://vuldb.com/vuln/359541 (cna@vuldb.com) [Third Party Advisory, VDB Entry]
- https://vuldb.com/vuln/359541/cti (cna@vuldb.com) [Permissions Required, VDB Entry]
- https://www.tenda.com.cn/ (cna@vuldb.com) [Product]