PatchSiren cyber security CVE debrief
CVE-2026-11556 Tenda CVE debrief
CVE-2026-11556 is a HIGH severity vulnerability with a CVSS score of 7.4. The vulnerability affects Tenda F451 versions 1.0.0.7 and 1.0.0.9, specifically in the formWriteFacMac function of the /goform/WriteFacMac file, allowing for os command injection via manipulation of the mac argument. This vulnerability can be exploited remotely.
- Vendor
- Tenda
- Product
- F451
- CVSS
- HIGH 7.4
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-08
- Original CVE updated
- 2026-06-09
- Advisory published
- 2026-06-08
- Advisory updated
- 2026-06-09
Who should care
Administrators and users of Tenda F451 versions 1.0.0.7 and 1.0.0.9 should be aware of this vulnerability and take necessary actions to mitigate it.
Technical summary
The vulnerability is caused by improper sanitization of user input in the formWriteFacMac function of the /goform/WriteFacMac file. An attacker can inject os commands by manipulating the mac argument, allowing for remote exploitation.
Defensive priority
HIGH
Recommended defensive actions
- Apply patches or updates provided by the vendor to fix the vulnerability.
- Restrict access to the affected system and limit the attack surface.
- Monitor the system for suspicious activity and implement additional security measures if necessary.
Evidence notes
The vulnerability has been publicly disclosed and an exploit has been released.
Official resources
CVE-2026-11556 was published on 2026-06-08T18:16:33.040Z and modified on 2026-06-09T01:32:36.950Z.