


Perceptive Security
SOC/SIEM Consultancy

An issue was discovered in goform/formSetIptv in Tenda AC15V1.0 V15.03.05.18_multi. When the condition is met, `s1_1` will be passed into sub_B0488, concatenate…
Published: 1 March 2026 at 23:00:00
Alert date: 2 March 2026 at 18:02:45
Source: nvd.nist.gov
Mobile & IoT, Network Infrastructure
A command injection vulnerability was discovered in Tenda AC15V1.0 router firmware version V15.03.05.18_multi. The vulnerability is in the `goform/formSetIptv` handler: when the condition is met, the `s1_1` parameter is passed to `sub_B0488` without proper validation and is then concatenated into `doSystemCmd`. Because the input is not validated before it reaches the command call, an attacker can execute arbitrary system commands on the affected device.
Technical details
Affected products: Tenda AC15V1.0
Related links:
https://nvd.nist.gov/vuln/detail/CVE-2026-24101
https://github.com/akuma-QAQ/CVEreport/tree/main/D-link/CVE-2026-24101
https://www.tenda.com.cn/material/show/2710
This article was created with the assistance of AI technology by Perceptive.
