A21 Firmware
CVE-2026-2872
HIGH
Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
3DescriptionCVE.org
A security vulnerability has been detected in Tenda A21 1.0.0.0. This vulnerability affects the function set_device_name of the file /goform/setBlackRule of the component MAC Filtering Configuration Endpoint. Such manipulation of the argument devName/mac leads to stack-based buffer overflow. The attack may be performed from remote. The exploit has been disclosed publicly and may be used.
AnalysisAI
Stack-based buffer overflow in Tenda A21 1.0.0.0 MAC filtering configuration allows remote authenticated attackers to achieve full system compromise through malicious devName/mac parameters. Public exploit code exists for this vulnerability, which remains unpatched. The flaw affects the set_device_name function in the /goform/setBlackRule endpoint with high exploitability due to network accessibility and low attack complexity.
Technical ContextAI
Classified as CWE-119 (Buffer Overflow). Affects A21 Firmware. A security vulnerability has been detected in Tenda A21 1.0.0.0. This vulnerability affects the function set_device_name of the file /goform/setBlackRule of the component MAC Filtering Configuration Endpoint. Such manipulation of the argument devName/mac leads to stack-based buffer overflow. The attack may be performed from remote. The exploit has been disclosed publicly and may be used.
RemediationAI
Monitor vendor advisories for a patch. Enable ASLR, DEP/NX, and stack canaries where possible. Restrict network access to the affected service where possible.
More in A21 Firmware
View allStack Overflow and Tenda A21 1.0.0.0 are vulnerable to remote code execution through a stack-based buffer overflow in th
Remote code execution in Tenda A21 1.0.0.0 firmware via stack-based buffer overflow in the WiFi settings endpoint allows
Stack-based buffer overflow in Tenda A21 firmware allows remote attackers with valid credentials to achieve complete sys
Remote code execution in Tenda A21 firmware through a stack buffer overflow in the QoS bandwidth configuration endpoint
Remote code execution in Tenda A21 1.0.0.0 firmware results from a stack buffer overflow in the SetIpMacBind function ac
Same weakness CWE-119 – Buffer Overflow
View allSame technique Buffer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today