CVE-2026-7102 — Tenda F456 Command Injection
CVE-2026-7102 — A vulnerability was found in Tenda F456 1.0.0.5. This impacts the function FromWriteFacMac of the file /goform/WriteFacMac of the component httpd. The manipulation of the argument mac results in command injection. The attack can be executed remotely. The exploit has been made public
What This Means For You
- If your environment is affected by CWE-74, CWE-77, review your exposure and prioritize patching based on your environment. Monitor vendor advisories for CVE-2026-7102 updates and patches.
Related ATT&CK Techniques
🛡️ Detection Rules
2 rules · 6 SIEM formats2 detection rules auto-generated for this incident, mapped to MITRE ATT&CK. Sigma YAML is free — export to any SIEM format via the Intel Bot.
CVE-2026-7102 - Tenda F456 WriteFacMac Command Injection
title: CVE-2026-7102 - Tenda F456 WriteFacMac Command Injection
id: scw-2026-04-27-ai-1
status: experimental
level: critical
description: |
Detects exploitation attempts against Tenda F456 devices by targeting the WriteFacMac function. The vulnerability (CVE-2026-7102) allows command injection via the 'mac' parameter in the /goform/WriteFacMac endpoint. This rule specifically looks for POST requests to this URI with a 'mac' parameter containing shell metacharacters like ';', indicating a potential command injection attempt.
author: SCW Feed Engine (AI-generated)
date: 2026-04-27
references:
- https://shimiscyberworld.com/posts/nvd-CVE-2026-7102/
tags:
- attack.initial_access
- attack.t1190
logsource:
category: webserver
detection:
selection:
cs-uri|contains:
- '/goform/WriteFacMac'
cs-method|exact:
- 'POST'
cs-uri-query|contains:
- 'mac='
selection_command_injection:
cs-uri-query|contains:
- ';'
condition: selection AND selection_command_injection
falsepositives:
- Legitimate administrative activity
Source: Shimi's Cyber World · License & reuse
Indicators of Compromise
| ID | Type | Indicator |
|---|---|---|
| CVE-2026-7102 | vulnerability | CVE-2026-7102 |
| CWE-74 | weakness | CWE-74 |
| CWE-77 | weakness | CWE-77 |
Written by SCW Vulnerability Desk
Source & Attribution
| Source Platform | NVD |
| Channel | National Vulnerability Database |
| Published | April 27, 2026 at 12:16 UTC |
This content was curated and summarized by Shimi's Cyber World for informational purposes. It is not copied or republished in full. All intellectual property rights remain with the original author and source.
Believe this infringes your rights? Submit a takedown request.
Related coverage
Dell iDRAC10 Vulnerability: Low-Privilege Race Condition Grants High Access
CVE-2026-35155 — Dell iDRAC10, versions 1.20.70.50 and 1.30.05.10, contains an Insufficiently Protected Credentials vulnerability. A race condition vulnerability exists that could allow an authenticated low‑privileged...
GCHQ CyberChef XSS Vulnerability (CVE-2026-42615) Identified
CVE-2026-42615 — GCHQ CyberChef before 11.0.0 allows XSS via Show Base64 offsets, as demonstrated by the /#recipe=Show_Base64_offsets('%3Cscript substring.
CVE-2026-23773 — Server-Side Request Forgery
CVE-2026-23773 — Dell Disk Library for Mainframe, version(s) DLm 8700/2700 contain(s) a Server-Side Request Forgery (SSRF) vulnerability. A low privileged attacker with remote access could...