CVE-2026-2886
HIGHCVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
3Description
A weakness has been identified in Tenda A21 1.0.0.0. This affects the function set_device_name of the file /goform/SetOnlineDevName. This manipulation of the argument devName causes stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be used for attacks.
Analysis
Stack Overflow and Tenda A21 1.0.0.0 are vulnerable to remote code execution through a stack-based buffer overflow in the device name configuration function, exploitable by authenticated attackers without user interaction. Public exploit code exists for this vulnerability, enabling attackers to achieve complete compromise of affected systems. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 24 hours: Inventory all Tenda A21 1.0.0.0 devices in your network and isolate affected units from critical systems. Within 7 days: Implement network segmentation to restrict administrative access to these devices and monitor for suspicious configuration changes. …
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today