{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2026-24105", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2026-03-03T14:59:43.107Z", "dateReserved": "2026-01-21T00:00:00.000Z", "datePublished": "2026-03-02T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-03-02T16:49:06.144Z"}, "descriptions": [{"lang": "en", "value": "An issue was discovered in goform/formsetUsbUnload in Tenda AC15V1.0 V15.03.05.18_multi. The value of `v1` was not checked, potentially leading to a command injection vulnerability if injected into doSystemCmd."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://www.tenda.com.cn/material/show/2710"}, {"url": "https://github.com/akuma-QAQ/CVEreport/tree/main/D-link/CVE-2026-24105"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-94", "lang": "en", "description": "CWE-94 Improper Control of Generation of Code ('Code Injection')"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-03-03T14:58:54.814562Z", "id": "CVE-2026-24105", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-03T14:59:43.107Z"}}]}, "dataVersion": "5.2"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2026-24105", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-03-03T14:58:54.814562Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-94", "description": "CWE-94 Improper Control of Generation of Code ('Code Injection')"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-03T14:59:26.163Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://www.tenda.com.cn/material/show/2710"}, {"url": "https://github.com/akuma-QAQ/CVEreport/tree/main/D-link/CVE-2026-24105"}], "descriptions": [{"lang": "en", "value": "An issue was discovered in goform/formsetUsbUnload in Tenda AC15V1.0 V15.03.05.18_multi. The value of `v1` was not checked, potentially leading to a command injection vulnerability if injected into doSystemCmd."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-03-02T16:49:06.144Z"}}}, "cveMetadata": {"cveId": "CVE-2026-24105", "state": "PUBLISHED", "dateUpdated": "2026-03-03T14:59:43.107Z", "dateReserved": "2026-01-21T00:00:00.000Z", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2026-03-02T00:00:00.000Z", "assignerShortName": "mitre"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:tenda:ac15_firmware:15.03.05.18:*:*:*:*:*:*:*", "matchCriteriaId": "56881C41-A993-45CC-BAE6-E9DE17FA56E2", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:tenda:ac15:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "D5059CAD-BD1A-4808-BCED-006444E60701", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An issue was discovered in goform/formsetUsbUnload in Tenda AC15V1.0 V15.03.05.18_multi. The value of `v1` was not checked, potentially leading to a command injection vulnerability if injected into doSystemCmd."}], "id": "CVE-2026-24105", "lastModified": "2026-03-06T21:05:36.243", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-03-02T17:16:32.793", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/akuma-QAQ/CVEreport/tree/main/D-link/CVE-2026-24105"}, {"source": "cve@mitre.org", "tags": ["Release Notes"], "url": "https://www.tenda.com.cn/material/show/2710"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-94"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "V15.03.05.18_multi"}}], "enrichment": {"confidence": 100.0, "confidence_source": "manual", "scores": [{"score": 100.0, "source": "manual"}]}, "original": {"product": "n/a", "source": "cna", "vendor": "n/a"}, "product": "ac15", "vendor": "tenda"}], "analysis": {"en": {"generated_at": "2026-04-17T13:39:19.485432+00:00", "value": {"mitigation_remediation": ["Apply the latest Tenda firmware update that addresses command injection in the USB unload form", "If no update is available, block or filter requests to the goform/formsetUsbUnload URL at the router or upstream firewall", "Disable USB unloading functionality or restrict it to trusted interfaces if possible"], "summary": {"action": "Immediate Patch", "impact": "Command injection leading to remote code execution"}, "threat_synthesis": {"affected_systems": "The vulnerability affects Tenda AC15 routers with firmware version 15.03.05.18. No other products or revisions are listed as impacted.", "description_and_impact": "Tenda AC15 routers running firmware V15.03.05.18 expose the goform/formsetUsbUnload endpoint without validating the v1 parameter, allowing attackers to inject shell commands that are executed by the doSystemCmd function. This flaw can be exploited to run arbitrary code, compromise the router, and potentially pivot to other devices on the network, severely impacting confidentiality, integrity, and availability.", "risk_and_exploitability": "Based on the description, the vulnerability carries a CVSS score of 9.8, indicating critical severity, and an EPSS score of 2%, suggesting a measurable but not high probability of exploitation soon. It is not listed in the CISA KEV catalog. Attackers are likely able to exploit it by sending a crafted HTTP POST or GET request to the formsetUsbUnload endpoint, embedding malicious commands in the v1 field. No special privileges are required beyond access to the router\u2019s web interface, making the attack vector relatively straightforward for lateral adversaries."}}}}, "created": "2026-03-03T08:46:11.816628+00:00", "title": "Command Injection in Tenda AC15 via Unchecked Form Parameter", "updated": "2026-04-17T13:45:16.030885+00:00", "vendors": ["tenda", "tenda$PRODUCT$ac15"]}