Vulnerabilities ›

CVE-2026-6989

Medium

CWE-74 — Weakness Type

                    Published: Apr 25, 2026                      ·  Modified: Apr 28, 2026                      ·  Source: NVD                

CVSS v3

6.3

🔗 NVD Official

📄 Description (English)

A vulnerability has been found in Tenda F453 up to 1.0.0.3. Impacted is the function TendaTelnet of the file /goform/telnet of the component Telnet Service. Such manipulation leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

🤖 AI Executive Summary

CVE-2026-6989 is a command injection vulnerability in Tenda F453 router firmware up to version 1.0.0.3 affecting the Telnet service component. The vulnerability allows remote attackers to execute arbitrary commands through the /goform/telnet endpoint without authentication.

📄 Description (Arabic)

ثغرة حقن أوامر في خدمة Telnet بأجهزة Tenda F453 حتى الإصدار 1.0.0.3 تسمح بتنفيذ أوامر تعسفية من قبل مهاجمين بعيدين. تم الكشف عن هذه الثغرة علناً مما يزيد من خطر استغلالها. تؤثر الثغرة على مكون /goform/telnet في الجهاز.

🤖 ملخص تنفيذي (AI)

A command injection flaw exists in Tenda F453 routers up to version 1.0.0.3 in the Telnet service that enables remote code execution. Attackers can exploit this publicly disclosed vulnerability to compromise affected devices remotely.

🤖 AI Intelligence Analysis Analyzed: May 17, 2026 08:01

🇸🇦 Saudi Arabia Impact Assessment

Saudi Relevance: high

🏢 Affected Saudi Sectors

telecom government

🎯 MITRE ATT&CK Techniques

T1190 T1133 T1059

⚖️ Saudi Risk Score (AI)

7.0

/ 10.0

🔧 Remediation Steps (English)

Immediately update Tenda F453 firmware to version 1.0.0.4 or later. Disable Telnet service if not required and use SSH instead. Implement network segmentation to restrict access to management interfaces. Monitor for suspicious telnet connections on port 23.

🔧 خطوات المعالجة (العربية)

قم بتحديث برنامج Tenda F453 الثابت إلى الإصدار 1.0.0.4 أو أحدث فوراً. عطّل خدمة Telnet إن لم تكن مطلوبة واستخدم SSH بدلاً منها. طبّق تقسيم الشبكة لتقييد الوصول إلى واجهات الإدارة. راقب الاتصالات المريبة على المنفذ 23.

📋 Regulatory Compliance Mapping

🟢 NCA ECC 2024

5.1 5.2 5.3

🔵 SAMA CSF

ID.AM-2 PR.AC-1 PR.PT-1

🟡 ISO 27001:2022

A.12.6.1 A.14.2.1 A.18.1.3

🔗 References & Sources 5

🔗

https://github.com/alc9700jmo/CVE/issues/24

cna@vuldb.com

🔗

https://vuldb.com/submit/796560

cna@vuldb.com

🔗

https://vuldb.com/vuln/359541

cna@vuldb.com

🔗

https://vuldb.com/vuln/359541/cti

cna@vuldb.com

🔗

https://www.tenda.com.cn/

cna@vuldb.com

📊 CVSS Score

6.3

/ 10.0 — Medium

📊 CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Attack VectorN — None / Network

Attack ComplexityL — Low / Local

Privileges RequiredL — Low / Local

User InteractionN — None / Network

ScopeU — Unchanged

ConfidentialityL — Low / Local

IntegrityL — Low / Local

AvailabilityL — Low / Local

📋 Quick Facts

Severity Medium

CVSS Score6.3

CWECWE-74

EPSS0.21%

Exploit No

Patch ✗ No

Published 2026-04-25

Source Feed nvd

🇸🇦 Saudi Risk Score

7.0

/ 10.0 — Saudi Risk

Priority: HIGH

🏷️ Tags

CWE-74

⚡ Actions

🔗 NVD Official Page ⚡ Exploit-DB Search 🐙 GitHub PoC Search 🎯 MITRE ATT&CK 📊 CVE Details

CVE-2026-6989

Introduce Yourself

Sign In Required