A vulnerability has been found in Tenda AC6 15.03.06.23 and classified as critical . Affected by this issue is the function get_log_file of the file /goform/getLogFile of the component httpd . The manipulation of the argument wans.flag leads to os command injection. This vulnerability is documented as CVE-2026-8265 . The attack can be initiated remotely. Additionally, an exploit exists.