A vulnerability, which was classified as critical , was found in Tenda AC6 15.03.06.23 . Affected by this vulnerability is the function formWifiApScan of the file /goform/WifiApScan of the component httpd . Executing a manipulation of the argument wl2g.public.country/wl5g.public.country can lead to os command injection. This vulnerability is registered as CVE-2026-8264 . It is possible to launch the attack remotely. Furthermore, an exploit is available.