This vulnerability affects Tenda AC6 routers running firmware version 15.03.06.23. It involves an OS command injection in the formWifiApScan function of the /goform/WifiApScan endpoint in the httpd component. By manipulating the wl2g.public.country or wl5g.public.country parameters, an attacker can remotely execute arbitrary OS commands on the device. The vulnerability is remotely exploitable without user interaction and has a CVSS 4.0 base score of 5.3, indicating medium severity. No official patch or remediation level has been published by the vendor. Public exploit code is available, but no active exploitation has been confirmed.

Successful exploitation allows remote attackers to execute arbitrary operating system commands on the affected Tenda AC6 device, potentially compromising the device's integrity and confidentiality. This could lead to unauthorized control over the router, impacting network security. However, the vulnerability requires low privileges and no user interaction, increasing the risk. Despite public exploit availability, no in-the-wild exploitation has been reported.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, users should consider restricting remote access to the affected endpoint and monitor network traffic for suspicious activity related to the vulnerable parameters. Avoid exposing the router's management interface to untrusted networks. Follow vendor communications closely for updates on patches or official mitigations.