Tenda AC9 v15.03.2.21 exists to contain a remote command execution (RCE) vulnerability via the vlanid parameter in the SetIPTVCfg function.
tenda ac9_firmware 15.03.2.21