Ac8 Firmware
CVE-2026-3044
HIGH
Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
2DescriptionCVE.org
A vulnerability has been found in Tenda AC8 16.03.34.06. This affects the function webCgiGetUploadFile of the file /cgi-bin/UploadCfg of the component Httpd Service. The manipulation of the argument boundary leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
AnalysisAI
Remote code execution in Tenda AC8 firmware versions up to 16.03.34.06 allows authenticated attackers to execute arbitrary code via a stack-based buffer overflow in the HTTP upload handler. Public exploit code exists for this vulnerability, which has no patch available. An attacker with valid credentials can trigger the overflow by manipulating the boundary parameter in multipart upload requests.
Technical ContextAI
Classified as CWE-119 (Buffer Overflow). Affects Ac8 Firmware. A vulnerability has been found in Tenda AC8 16.03.34.06. This affects the function webCgiGetUploadFile of the file /cgi-bin/UploadCfg of the component Httpd Service. The manipulation of the argument boundary leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
RemediationAI
Monitor vendor advisories for a patch. Enable ASLR, DEP/NX, and stack canaries where possible. Restrict network access to the affected service where possible.
More in Ac8 Firmware
View allStack-based buffer overflow in the Tenda AC8V4 router (firmware V16.03.34.06) lets remote attackers corrupt memory by su
Vulnerability in Tenda AC8v4 .V16.03.34.09 due to sscanf and the last digit of s8 being overwritten with \x0. Rated crit
Tenda AC8V4 V16.03.34.06 was discovered to contain a stack overflow via the shareSpeed parameter in the sub_47D878 funct
Tenda AC8V4 V16.03.34.06 was discovered to contain a stack overflow via the urls parameter in the function get_parentCon
Tenda AC8V4 V16.03.34.06 was discovered to contain a stack overflow via the shareSpeed parameter in the sub_49E098 funct
A vulnerability was found in Tenda AC8V4 V16.03.34.06. Rated critical severity (CVSS 9.8), this vulnerability is remotel
Tenda AC8v4 V16.03.34.06 has a stack overflow vulnerability in the fromAdvSetMacMtuWan function. Rated critical severity
A vulnerability was found in Tenda AC8 16.03.34.06_cn_TDC01. Rated critical severity (CVSS 9.8), this vulnerability is r
Tenda AC8 v4 US_AC8V4.0si_V16.03.34.06_cn was discovered to contain a stack overflow via parameter list at /goform/SetNe
Tenda AC8 v4 US_AC8V4.0si_V16.03.34.06_cn was discovered to contain a stack overflow via parameter macFilterType and par
Tenda AC8 v4 US_AC8V4.0si_V16.03.34.06_cn was discovered to contain a stack overflow via parameter timeZone at /goform/S
Tenda AC8 v4 US_AC8V4.0si_V16.03.34.06_cn was discovered to contain a stack overflow via parameter mac at /goform/GetPar
Same weakness CWE-119 – Buffer Overflow
View allSame technique Buffer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today