Tenda AC10 v15.03.06.26 exists to contain a command injection vulnerability via the mac parameter in the function formWriteFacMac.
tendacn ac10_firmware 15.03.06.26