What is the CVSS score of CVE-2026-2871?

CVE-2026-2871 has a CVSS 3.1 base score of 8.8 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. EPSS exploitation probability: 0.0%.

Which versions of DNS are affected by CVE-2026-2871?

A high-severity vulnerability in Tenda A21 wireless routers (CVE-2026-2871) allows unauthenticated attackers to compromise network devices through the IP-MAC binding function.

Is there a public PoC exploit available for CVE-2026-2871?

Yes, a public proof-of-concept exploit is available for CVE-2026-2871. Prioritise patching immediately. EPSS: 0.0%.

DNS CVE-2026-2871

HIGH

Buffer Overflow (CWE-119)

2026-02-21 cna@vuldb.com

Buffer Overflow DNS Stack Overflow A21 Firmware

8.8

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 22:04 vuln.today

PoC Detected

Feb 23, 2026 - 20:59 vuln.today

Public exploit code

CVE Published

Feb 21, 2026 - 16:16 nvd

HIGH 8.8

DescriptionNVD

A weakness has been identified in Tenda A21 1.0.0.0. This affects the function fromSetIpMacBind of the file /goform/SetIpMacBind. This manipulation of the argument list causes stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit has been made available to the public and could be used for attacks.

AnalysisAI

Remote code execution in Tenda A21 1.0.0.0 firmware results from a stack buffer overflow in the SetIpMacBind function accessible via the /goform/SetIpMacBind endpoint, allowing unauthenticated remote attackers to execute arbitrary code with high integrity and availability impact. Public exploit code exists for this vulnerability, and no patch is currently available, creating significant risk for affected devices.

RemediationAI

Within 24 hours: Inventory all Tenda A21 1.0.0.0 devices in production and isolate affected units from critical networks if possible; enable all available logging and monitoring. Within 7 days: Implement network segmentation to restrict administrative access to these devices and deploy WAF rules blocking /goform/SetIpMacBind requests from untrusted sources. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-2871 vulnerability details – vuln.today

Back

DNS CVE-2026-2871

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

Share

External POC / Exploit Code