Security Advisory

CVE-2026-31255

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-04-27 00:00:00

Last updated 2026-04-28 15:06:36

Assigner mitre

State PUBLISHED

Description

A command injection vulnerability exists in Tenda AC18 V15.03.05.05_multi. The vulnerability is located in the /goform/SetSambaCfg interface, where improper handling of the guestuser parameter allows attackers to execute arbitrary system commands.

← Browse all CVEs View on cve.org ↗