Command Injection Vulnerability in Tenda 4G300 Router
CVE-2026-7469

5.3MEDIUM

Key Information:

Vendor

Tenda
Status
4g300
Vendor
CVE Published:
30 April 2026

What is CVE-2026-7469?

A vulnerability has been identified in the Tenda 4G300 router, specifically within the function sub_425A28 located in the /goform/DelFil file. This issue arises from improper handling of the delflag argument, enabling potential attackers to execute arbitrary commands on the device. The exploit can be conducted remotely, and details of this vulnerability are publicly available, raising significant security concerns for users of the affected router model.

Affected Version(s)

4G300 US_4G300V1.0Mt_V1.01.42_CN_TDC01

References

https://vuldb.com/vuln/360205
vdb-entrytechnical-description
https://vuldb.com/vuln/360205/cti
signaturepermissions-required
https://vuldb.com/submit/804268
third-party-advisory

CVSS V4

Score:
5.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Haaalion (VulDB User)
.