CVE-2026-6989

MEDIUM

Tenda F453 Telnet Service telnet TendaTelnet command injection

Title source: cna

Description

A vulnerability has been found in Tenda F453 up to 1.0.0.3. Impacted is the function TendaTelnet of the file /goform/telnet of the component Telnet Service. Such manipulation leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

References (5)

[Vdb Entry, Technical Description] https://vuldb.com/vuln/359541

[Signature, Permissions Required] https://vuldb.com/vuln/359541/cti

[Third Party Advisory] https://vuldb.com/submit/796560

[Exploit] https://github.com/alc9700jmo/CVE/issues/24

[Product] https://www.tenda.com.cn/

Scores

CVSS v3 6.3

EPSS 0.0021

EPSS Percentile 43.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-74 CWE-77

Status published

Products (4)

Tenda/F453 1.0.0.0

Tenda/F453 1.0.0.1

Tenda/F453 1.0.0.2

Tenda/F453 1.0.0.3

Published Apr 25, 2026

Tracked Since Apr 25, 2026