Vulnerability Details CVE-2026-24101
An issue was discovered in goform/formSetIptv in Tenda AC15V1.0 V15.03.05.18_multi. When the condition is met, `s1_1` will be passed into sub_B0488, concatenated into `doSystemCmd`. The value of s1_1 is not validated, potentially leading to a command injection vulnerability.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 51.9%
CVSS Severity
CVSS v3 Score 9.8
References
Products affected by CVE-2026-24101
-
cpe:2.3:h:tenda:ac15:1.0
-
cpe:2.3:o:tenda:ac15_firmware:15.03.05.18_multi