Skip to main content

A21 Firmware CVE-2026-2870

HIGH
Buffer Overflow (CWE-119)
2026-02-21 cna@vuldb.com
8.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
8.8 HIGH
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

3
Analysis Generated
Mar 12, 2026 - 22:04 vuln.today
PoC Detected
Feb 23, 2026 - 21:00 vuln.today
Public exploit code
CVE Published
Feb 21, 2026 - 15:15 nvd
HIGH 8.8

DescriptionCVE.org

A security flaw has been discovered in Tenda A21 1.0.0.0. Affected by this issue is the function set_qosMib_list of the file /goform/formSetQosBand. The manipulation of the argument list results in stack-based buffer overflow. The attack can be executed remotely. The exploit has been released to the public and may be used for attacks.

AnalysisAI

Remote code execution in Tenda A21 firmware through a stack buffer overflow in the QoS bandwidth configuration endpoint allows unauthenticated attackers to execute arbitrary code with full system privileges. Public exploit code exists for this vulnerability, and no patch is currently available. The flaw affects the set_qosMib_list function when processing unsanitized input, enabling network-based attacks from authenticated users or potentially lower-privileged roles.

Technical ContextAI

Classified as CWE-119 (Buffer Overflow). Affects A21 Firmware. A security flaw has been discovered in Tenda A21 1.0.0.0. Affected by this issue is the function set_qosMib_list of the file /goform/formSetQosBand. The manipulation of the argument list results in stack-based buffer overflow. The attack can be executed remotely. The exploit has been released to the public and may be used for attacks.

RemediationAI

Monitor vendor advisories for a patch. Enable ASLR, DEP/NX, and stack canaries where possible. Restrict network access to the affected service where possible.

Share

CVE-2026-2870 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy