CNNVD-202602-1086 Information

CNNVD ID

CNNVD-202602-1086

Related CVE

CVE-2026-25857

• CNNVD Published: 2026-02-07

Description (Chinese)

Tenda G300-F是中国腾达（Tenda）公司的一个VPN路由器。 Tenda G300-F 16.01.14.2及之前版本存在操作系统命令注入漏洞，该漏洞源于WAN诊断功能中存在OS命令注入，可能导致执行任意命令。

Description (English)

Tenda G300-F is a VPN router for Tenda, China. Tenda G300-F 16.01.14.2 and previous versions had a gap in the operating system orders, which stemmed from the presence of an OS injection in the WAN diagnostic function, which could lead to the execution of arbitrary orders.

Hazard Level

High

Vulnerability Type

操作系统命令注入

Affected Vendor

腾达

Published

2026-02-07

Last Modified

2026-02-24

References

https://blog.evan.lat/blog/cve-2026-25857/ https://www.tendacn.com/material/show/736333682028613 https://www.vulncheck.com/advisories/tenda-g300-f-command-injection-via-formsetwandiag https://access.redhat.com/security/cve/cve-2026-25857