A21 Firmware
CVE-2026-2874
HIGH
Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
3DescriptionCVE.org
A flaw has been found in Tenda A21 1.0.0.0. Impacted is the function form_fast_setting_wifi_set of the file /goform/fast_setting_wifi_set. Executing a manipulation of the argument ssid can lead to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been published and may be used.
AnalysisAI
Remote code execution in Tenda A21 1.0.0.0 firmware via stack-based buffer overflow in the WiFi settings endpoint allows authenticated attackers to execute arbitrary code with full system privileges. The vulnerability exists in the fast_setting_wifi_set function where unsanitized SSID parameter input can overflow the stack, and public exploit code is currently available. No patch has been released for this high-severity vulnerability affecting both the A21 firmware and Stack Overflow products.
Technical ContextAI
Classified as CWE-119 (Buffer Overflow). Affects A21 Firmware. A flaw has been found in Tenda A21 1.0.0.0. Impacted is the function form_fast_setting_wifi_set of the file /goform/fast_setting_wifi_set. Executing a manipulation of the argument ssid can lead to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been published and may be used.
RemediationAI
Monitor vendor advisories for a patch. Enable ASLR, DEP/NX, and stack canaries where possible. Restrict network access to the affected service where possible.
More in A21 Firmware
View allStack Overflow and Tenda A21 1.0.0.0 are vulnerable to remote code execution through a stack-based buffer overflow in th
Stack-based buffer overflow in Tenda A21 firmware allows remote attackers with valid credentials to achieve complete sys
Stack-based buffer overflow in Tenda A21 1.0.0.0 MAC filtering configuration allows remote authenticated attackers to ac
Remote code execution in Tenda A21 firmware through a stack buffer overflow in the QoS bandwidth configuration endpoint
Remote code execution in Tenda A21 1.0.0.0 firmware results from a stack buffer overflow in the SetIpMacBind function ac
Same weakness CWE-119 – Buffer Overflow
View allSame technique Buffer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today