A vulnerability, which was classified as critical , has been found in Tenda AC6 15.03.06.49_multi_TDE01 . Affected is the function fromSetWirelessRepeat of the file /goform/WifiExtraSet of the component httpd . Performing a manipulation of the argument mac/ssid results in os command injection. This vulnerability is cataloged as CVE-2026-8263 . It is possible to initiate the attack remotely. Furthermore, there is an exploit available.