CVE-2026-24101
🚨 CRITICALAn issue was discovered in goform/formSetIptv in Tenda AC15V1.0 V15.03.05.18_multi. When the condition is met, `s1_1` will be passed into sub_B0488, concatenated into `doSystemCmd`. The value of s1_1...
Description
Request Expert ReviewAn issue was discovered in goform/formSetIptv in Tenda AC15V1.0 V15.03.05.18_multi. When the condition is met, `s1_1` will be passed into sub_B0488, concatenated into `doSystemCmd`. The value of s1_1 is not validated, potentially leading to a command injection vulnerability.
Affected Products (1)
CVSS Scores
References
Additional Information
- Source
- cve@mitre.org
- State
- Analyzed
Related CVEs
CVE-2026-4111
HIGHA flaw was identified in the RAR5 archive decompression logic of the libarchive library, specifically within the archive_read_data() processing path....
CVE-2026-4105
MEDIUMA flaw was found in systemd. The systemd-machined service contains an Improper Access Control vulnerability due to insufficient validation of the clas...
CVE-2026-4063
MEDIUMThe Social Icons Widget & Block by WPZOOM plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check in th...
CVE-2026-3986
MEDIUMThe Calculated Fields Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the form settings in all versions up to, and includin...
CVE-2026-3910
HIGHInappropriate implementation in V8 in Google Chrome prior to 146.0.7680.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a...
CVE-2026-3909
HIGHOut of bounds write in Skia in Google Chrome prior to 146.0.7680.75 allowed a remote attacker to perform out of bounds memory access via a crafted HTM...
Share CVE-2026-24101
Share on Social Media
Copy Link
Embed Code
Request Expert Analysis
Request a professional security analysis for CVE-2026-24101 from our verified experts.
Credits System
Use your credits to get expert analysis from verified security professionals. Purchase more credits anytime!