Command Injection Vulnerability in Tenda AC18 Router
CVE-2026-38142
6.5MEDIUM
What is CVE-2026-38142?
The Tenda AC18 router has a notable vulnerability in its /goform/fast_setting_internet_set endpoint, which allows unauthenticated attackers to inject arbitrary commands through the mac parameter. This command injection flaw can lead to unauthorized actions being executed on the device, compromising its integrity and potentially exposing the network to further attacks. It's crucial for users of affected versions to implement immediate security measures.