A vulnerability classified as critical has been found in Tenda F451 1.0.0.7/1.0.0.9 . Impacted is the function formWriteFacMac of the file /goform/WriteFacMac of the component Web Management Interface . Performing a manipulation of the argument mac results in os command injection. This vulnerability is known as CVE-2026-11556 . Remote exploitation of the attack is possible. Furthermore, an exploit is available.