CVE-2026-24105 is a command injection vulnerability identified in the Tenda AC15V1.0 router firmware version V15.03.05.18_multi. The vulnerability exists in the goform/formsetUsbUnload endpoint, where the parameter 'v1' is accepted without proper input validation or sanitization. This parameter is directly passed to the doSystemCmd function, which executes system-level commands on the device. Because the input is unchecked, an attacker can craft malicious input to execute arbitrary commands on the router with the privileges of the system process. This can lead to unauthorized control over the device, allowing attackers to manipulate router configurations, intercept or redirect network traffic, or pivot to internal networks. The vulnerability does not require authentication or user interaction, making it exploitable remotely by unauthenticated attackers who can reach the device's management interface. Although no public exploits have been reported yet, the simplicity of the attack vector and the critical role of routers in network infrastructure make this a significant threat. The lack of a CVSS score indicates the need for manual severity assessment. The vulnerability affects a specific firmware version of the Tenda AC15 router, a device popular in consumer and small business environments, especially in Asia and Europe. The absence of an official patch or mitigation guidance increases the urgency for network administrators to implement compensating controls.

If exploited, this vulnerability can lead to complete compromise of the affected router, allowing attackers to execute arbitrary commands with system-level privileges. This can result in unauthorized access to internal networks, interception or manipulation of network traffic, disruption of network services, and potential lateral movement to other devices. The confidentiality, integrity, and availability of network communications are at risk. Organizations relying on Tenda AC15 routers for critical network functions, including home offices, small businesses, and branch offices, could face significant operational disruptions and data breaches. The lack of authentication requirement and remote exploitability increase the likelihood of attacks, especially in environments where router management interfaces are exposed to untrusted networks. The potential impact extends to undermining trust in network infrastructure and increasing the attack surface for broader cyberattacks.

1. Immediately restrict access to the router's management interface by limiting it to trusted internal networks and disabling remote management if not required. 2. Implement network-level firewall rules to block unauthorized access to the vulnerable endpoint (goform/formsetUsbUnload). 3. Monitor network traffic and router logs for unusual commands or access patterns indicative of exploitation attempts. 4. Contact Tenda support or check official channels regularly for firmware updates or patches addressing this vulnerability. 5. If no patch is available, consider replacing affected devices with models from vendors with active security support. 6. Employ network segmentation to isolate vulnerable devices from critical infrastructure. 7. Use intrusion detection/prevention systems (IDS/IPS) to detect and block command injection attempts targeting this vulnerability. 8. Educate users and administrators about the risks of exposing router management interfaces to the internet.