Cyber Posture

CVE-2026-6989

Medium · Public PoC

Published: 25 April 2026
Modified: 30 April 2026
KEV Added
Patch
CVSS Score: 6.3 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L)
EPSS Score: 0.0021 (43.5th percentile)
Risk Priority: 13 (60% EPSS · 20% KEV · 20% CVSS)

Description

A vulnerability has been found in Tenda F453 up to 1.0.0.3. Impacted is the function TendaTelnet of the file /goform/telnet of the component Telnet Service. Such manipulation leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Mitigating Controls (NIST 800-53 r5) [AI]

- Prevent: Directly remediates the command injection vulnerability in the TendaTelnet function by identifying, reporting, and applying firmware updates beyond version 1.0.0.3.
- Prevent: Enforces validation of inputs to the /goform/telnet endpoint to neutralize special elements and block command injection exploits.
- Prevent: Prohibits or restricts the unnecessary Telnet service and its vulnerable endpoint to eliminate the attack surface.

Security Summary [AI]

CVE-2026-6989 is a command injection vulnerability affecting the Tenda F453 router firmware versions up to 1.0.0.3. The issue resides in the TendaTelnet function within the /goform/telnet endpoint of the Telnet Service component. Manipulation of this function enables arbitrary command execution, as classified under CWE-74 (Improper Neutralization of Special Elements in Output Used by a Downstream Component) and CWE-77 (Command Injection). The vulnerability carries a CVSS v3.1 base score of 6.3 (AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L), indicating medium severity with network accessibility and low attack complexity.

A remote attacker with low privileges can exploit this vulnerability without user interaction. By sending crafted requests to the affected endpoint, the attacker achieves command injection, potentially leading to limited impacts on confidentiality, integrity, and availability, such as unauthorized access to system information, modification of router settings, or denial of minor services.

Advisories from VulDB detail the vulnerability and recent threat intelligence, while a GitHub repository discloses a public exploit that may be actively used. The vendor's website at tenda.com.cn provides general product information, but no specific patch or mitigation details are outlined in the available references; users should check for firmware updates beyond version 1.0.0.3.

The exploit's public disclosure heightens the risk of real-world exploitation against unpatched Tenda F453 devices.

Details

CWE(s)

Affected Products

tenda · f453 firmware · 1.0.0.3

MITRE ATT&CK Enterprise Techniques [AI]

- T1190 Exploit Public-Facing Application (Initial Access): Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
- T1059.008 Network Device CLI (Execution): Adversaries may abuse scripting or built-in command line interpreters (CLI) on network devices to execute malicious commands and payloads.

Why these techniques?

The vulnerability is a command injection in a router's web management Telnet endpoint (public-facing application), enabling arbitrary command execution on the network device CLI.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

References