CVE-2026-7469 — Tenda 4G300 US_4G300V1.0Mt_V1.01.42_CN_TDC01 Command Injection
CVE-2026-7469 — A vulnerability was detected in Tenda 4G300 US_4G300V1.0Mt_V1.01.42_CN_TDC01. This impacts the function sub_425A28 of the file /goform/DelFil. The manipulation of the argument delflag results in command injection. The attack may be launched remotely. The exploit is now public and may
What This Means For You
- If your environment is affected by CWE-74, CWE-77, review your exposure and prioritize patching based on your environment. Monitor vendor advisories for CVE-2026-7469 updates and patches.
Related ATT&CK Techniques
🛡️ Detection Rules
2 rules · 6 SIEM formats2 detection rules auto-generated for this incident, mapped to MITRE ATT&CK. Sigma YAML is free — export to any SIEM format via the Intel Bot.
CVE-2026-7469 - Tenda 4G300 Command Injection via DelFil
title: CVE-2026-7469 - Tenda 4G300 Command Injection via DelFil
id: scw-2026-04-30-ai-1
status: experimental
level: critical
description: |
Detects attempts to exploit CVE-2026-7469 by targeting the DelFil endpoint with a crafted delflag parameter. The presence of shell metacharacters like backticks, semicolons, pipes, or dollar signs within the delflag parameter indicates a potential command injection attempt.
author: SCW Feed Engine (AI-generated)
date: 2026-04-30
references:
- https://shimiscyberworld.com/posts/nvd-CVE-2026-7469/
tags:
- attack.initial_access
- attack.t1190
logsource:
category: webserver
detection:
selection:
cs-uri|contains:
- '/goform/DelFil'
cs-uri-query|contains:
- 'delflag='
cs-uri-query|contains:
- '`'
cs-uri-query|contains:
- ';'
cs-uri-query|contains:
- '|'
cs-uri-query|contains:
- '$'
condition: selection
falsepositives:
- Legitimate administrative activity
Source: Shimi's Cyber World · License & reuse
Indicators of Compromise
| ID | Type | Indicator |
|---|---|---|
| CVE-2026-7469 | vulnerability | CVE-2026-7469 |
| CWE-74 | weakness | CWE-74 |
| CWE-77 | weakness | CWE-77 |
Written by SCW Vulnerability Desk
Source & Attribution
| Source Platform | NVD |
| Channel | National Vulnerability Database |
| Published | April 30, 2026 at 05:16 UTC |
This content was curated and summarized by Shimi's Cyber World for informational purposes. It is not copied or republished in full. All intellectual property rights remain with the original author and source.
Believe this infringes your rights? Submit a takedown request.
Related coverage
CVE-2026-7470: Tenda 4G300 Router Vulnerable to Remote Stack Overflow
CVE-2026-7470 — A flaw has been found in Tenda 4G300 US_4G300V1.0Mt_V1.01.42_CN_TDC01. Affected is the function sub_427C3C of the file /goform/SafeMacFilter. This manipulation of the argument...
CVE-2026-7468: Improper Access Control Flaw in 1024-lab smart-admin
CVE-2026-7468 — A security vulnerability has been detected in 1024-lab smart-admin up to 3.30.0. This affects an unknown function of the file /smart-admin-api/druid/index.html of the...
CVE-2026-7447 — SourceCodester Pet Grooming Management Software SQL Injection
CVE-2026-7447 — A flaw has been found in SourceCodester Pet Grooming Management Software 1.0. This vulnerability affects unknown code of the file /admin/update_customer.php. This manipulation...