G300 F Firmware

1 CVEs product

Monthly

Sort: Newest CVSS Score EPSS Score Oldest

CVE-2026-25857 HIGH POC This Week

Unauthenticated command injection in Tenda G300-F router firmware version 16.01.14.2 and earlier allows authenticated attackers to execute arbitrary OS commands through the WAN diagnostic interface by injecting shell metacharacters into unvalidated curl parameters. An attacker with management interface access can exploit this to gain full system compromise with process-level privileges. Public exploit code exists and no patch is currently available.

Command Injection G300 F Firmware

NVD

CVSS 3.1

8.8

EPSS

0.4%

CVE-2026-25857

EPSS 0% CVSS 8.8

HIGH POC This Week

Unauthenticated command injection in Tenda G300-F router firmware version 16.01.14.2 and earlier allows authenticated attackers to execute arbitrary OS commands through the WAN diagnostic interface by injecting shell metacharacters into unvalidated curl parameters. An attacker with management interface access can exploit this to gain full system compromise with process-level privileges. Public exploit code exists and no patch is currently available.

Command Injection G300 F Firmware

NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy