CVE-2026-2871
HIGHCVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
3Description
A weakness has been identified in Tenda A21 1.0.0.0. This affects the function fromSetIpMacBind of the file /goform/SetIpMacBind. This manipulation of the argument list causes stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit has been made available to the public and could be used for attacks.
Analysis
Remote code execution in Tenda A21 1.0.0.0 firmware results from a stack buffer overflow in the SetIpMacBind function accessible via the /goform/SetIpMacBind endpoint, allowing unauthenticated remote attackers to execute arbitrary code with high integrity and availability impact. Public exploit code exists for this vulnerability, and no patch is currently available, creating significant risk for affected devices.
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 24 hours: Inventory all Tenda A21 1.0.0.0 devices in production and isolate affected units from critical networks if possible; enable all available logging and monitoring. Within 7 days: Implement network segmentation to restrict administrative access to these devices and deploy WAF rules blocking /goform/SetIpMacBind requests from untrusted sources. …
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today