CVE-2026-25857 – This CVE describes an OS command injection vuln... (How to Fix)

Q: What is the severity of CVE-2026-25857?

CVE-2026-25857 has a CVSS score of 8.8 (HIGH). This CVE describes an OS command injection vulnerability in Tenda G300-F router firmware that allows remote attackers to execute arbitrary commands on affected devices. Attackers with access to the management interface can exploit the WAN diagnostic functionality to inject shell commands and potentially take full control of the router. Users of Tenda G300-F routers with vulnerable firmware versions are affected.

📋 TL;DR

This CVE describes an OS command injection vulnerability in Tenda G300-F router firmware that allows remote attackers to execute arbitrary commands on affected devices. Attackers with access to the management interface can exploit the WAN diagnostic functionality to inject shell commands and potentially take full control of the router. Users of Tenda G300-F routers with vulnerable firmware versions are affected.

💻 Affected Systems

Products:

Tenda G300-F router

Versions: 16.01.14.2 and prior

Operating Systems: Embedded Linux

Default Config Vulnerable: ⚠️ Yes

Notes: The vulnerability exists in the web management interface's WAN diagnostic functionality. Default configurations typically expose this interface.

📦 What is this software?

G300 F Firmware by Tenda

View all CVEs affecting G300 F Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete compromise of the router allowing attackers to intercept all network traffic, install persistent malware, pivot to internal networks, and potentially brick the device.

🟠

Likely Case

Attackers gain shell access to the router, enabling them to modify network settings, intercept traffic, and potentially use the device as a foothold for further attacks.

🟢

If Mitigated

If the management interface is not exposed to the internet and network segmentation is implemented, the attack surface is significantly reduced to only local network threats.

🌐 Internet-Facing: HIGH

🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ✅ No

Complexity: LOW

Exploitation requires access to the management interface. The vulnerability is well-documented with technical details available in public references.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Versions after 16.01.14.2

Vendor Advisory: https://www.tendacn.com/material/show/736333682028613

Restart Required: Yes

Instructions:

1. Log into the router's web interface. 2. Navigate to System Tools > Firmware Upgrade. 3. Download the latest firmware from Tenda's official website. 4. Upload and install the firmware update. 5. Reboot the router after installation completes.

🔧 Temporary Workarounds

Disable remote management

all

Prevent external access to the router's management interface

Network segmentation

all

Isolate the router management interface to a dedicated VLAN

🧯 If You Can't Patch

Change default credentials and implement strong authentication
Disable WAN diagnostic functionality if possible through configuration

🔍 How to Verify

Check if Vulnerable:

Check firmware version in router web interface under System Status or System Tools > Firmware Upgrade

Check Version:

Check via web interface; no direct CLI command available for end users

Verify Fix Applied:

Verify firmware version is greater than 16.01.14.2 after update

📡 Detection & Monitoring

Log Indicators:

Unusual curl commands in system logs
Multiple failed login attempts followed by diagnostic requests
Unexpected process execution from web interface

Network Indicators:

Unusual outbound connections from router
Suspicious traffic patterns from router management interface

SIEM Query:

source="router_logs" AND ("formSetWanDiag" OR "curl" AND "wan_diag")

📊 Metadata

CVE ID: CVE-2026-25857

CVSS v3 Score: 8.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-78

EPSS Score: 0.21% exploit probability (42.7th percentile)

Published: February 7, 2026

Last Updated: March 5, 2026

🔗 References

https://blog.evan.lat/blog/cve-2026-25857/ Exploit,Third Party Advisory
https://www.tendacn.com/material/show/736333682028613 Product
https://www.vulncheck.com/advisories/tenda-g300-f-command-injection-via-formsetwandiag Third Party Advisory,VDB Entry

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2026-25857, you might also want to check these: