PatchSiren cyber security CVE debrief
CVE-2026-11493 Tenda CVE debrief
A weakness was identified in Tenda AC15 15.03.05.19, specifically in an unknown function of the file /etc_ro/smb.conf of the Samba component. This issue allows for weak password requirements due to manipulation within the local network. The attack complexity is high and exploitability is difficult. The exploit has been made public and could be used for attacks. The CVSS score is 1.3, indicating a low severity.
- Vendor
- Tenda
- Product
- AC15
- CVSS
- LOW 1.3
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-08
- Original CVE updated
- 2026-06-08
- Advisory published
- 2026-06-08
- Advisory updated
- 2026-06-08
Who should care
Administrators and users of Tenda AC15 15.03.05.19 within local networks should be aware of this weakness and take appropriate measures to secure their systems.
Technical summary
The weakness is located in the Samba component of Tenda AC15 15.03.05.19, specifically in the /etc_ro/smb.conf file. This allows for weak password requirements, which can be exploited within the local network. The attack requires high complexity and is difficult to exploit.
Defensive priority
Low
Recommended defensive actions
- Update to the latest firmware version if available.
- Implement strong password policies for Samba component.
- Restrict access to the Samba component within the local network.
Evidence notes
The CVE record was published on 2026-06-08T07:16:27.030Z and modified on 2026-06-08T14:57:14.757Z. The CVSS score is 1.3, indicating a low severity. The weakness is classified under CWE-521.
Official resources
Publicly disclosed