Which versions of Tenda are affected by CVE-2026-4490?

A critical remote code execution vulnerability affects Tenda A18 Pro routers with a publicly available exploit, enabling unauthenticated attackers to gain complete control of affected devices.

Is there a public PoC exploit available for CVE-2026-4490?

Yes, a public proof-of-concept exploit is available for CVE-2026-4490. Prioritise patching immediately. EPSS: 0.0%.

How to fix or mitigate CVE-2026-4490?

Within 24 hours: Identify and inventory all Tenda A18 Pro routers running firmware 02.03.02.28; assess network exposure and isolate affected devices from critical systems if possible. Within 7 days: Implement network-level mitigations (WAF rules blocking /goform/openSchedWifi, restrict administrative access to trusted networks only); contact Tenda for patch ETA and consider temporary disabling of scheduled WiFi functionality if operationally feasible. Within 30 days: Develop migration plan to replace vulnerable routers with patched firmware or alternative vendors; establish vendor communication protocol for future vulnerability disclosures.

Tenda CVE-2026-4490

Q: What is the CVSS score of CVE-2026-4490?

CVE-2026-4490 has a CVSS 4.0 base score of 7.4 (High). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.0%.

EUVD-2026-13736 HIGH

Stack-based Buffer Overflow (CWE-121)

2026-03-20 VulDB

Tenda Buffer Overflow Stack Overflow

7.4

CVSS 4.0 · NVD

Severity by source

NVD PRIMARY

7.4 HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Lifecycle Timeline

Re-analysis Queued

Apr 22, 2026 - 21:37 vuln.today

cvss_changed

CVSS changed

Apr 22, 2026 - 21:37 NVD

8.8 (HIGH) 7.4 (HIGH)

PoC Detected

Mar 24, 2026 - 15:54 vuln.today

Public exploit code

EUVD ID Assigned

Mar 20, 2026 - 16:45 euvd

EUVD-2026-13736

Analysis Generated

Mar 20, 2026 - 16:45 vuln.today

CVE Published

Mar 20, 2026 - 16:32 nvd

HIGH 8.8

DescriptionCVE.org

A flaw has been found in Tenda A18 Pro 02.03.02.28. This issue affects the function setSchedWifi of the file /goform/openSchedWifi. This manipulation causes stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been published and may be used.

AnalysisAI

Stack-based buffer overflow in Tenda A18 Pro firmware version 02.03.02.28 enables authenticated remote attackers to achieve code execution with high privileges through the setSchedWifi function. Public exploit code is available for this vulnerability, and no patch has been released, leaving affected devices exposed to active exploitation. …

Unlock full vulnerability intelligence

Risk assessment & exploitation conditions
Attack chain visualization
Remediation with exact patch versions
Threat intelligence from 22 sources
Personal watchlist & email alerts

Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access

Authenticate to Tenda A18 Pro web interface

Exploit

Send crafted POST to /goform/openSchedWifi

Execution

Overflow stack buffer in setSchedWifi function

Impact

Execute arbitrary code with device privileges

Access

Authenticate to Tenda A18 Pro web interface

Exploit

Send crafted POST to /goform/openSchedWifi

Execution

Overflow stack buffer in setSchedWifi function

Impact

Execute arbitrary code with device privileges

Vulnerability AssessmentAI

Exploitation	Requires authenticated access (PR:L) to Tenda A18 Pro router firmware version 02.03.02.28. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment	The CVSS v3.1 score of 8.8 (High) reflects significant risk with network-based attack vector (AV:N), low complexity (AC:L), low privileges required (PR:L), and high impact across all CIA triad components. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario	An attacker with knowledge of valid low-privilege router credentials (potentially obtained through credential stuffing, default password exploitation, or prior compromise) authenticates to the Tenda A18 Pro web interface over the network. Using the publicly available proof-of-concept from GitHub, the attacker sends a specially crafted request to the /goform/openSchedWifi endpoint with oversized input to the setSchedWifi function, triggering the stack-based buffer overflow. …
Remediation	No official patch or firmware update has been referenced in available intelligence sources (CVSS remediation level is marked as unavailable/X), and the vendor website at https://www.tenda.com.cn/ should be monitored for security updates addressing firmware version 02.03.02.28. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Identify and inventory all Tenda A18 Pro routers running firmware 02.03.02.28; assess network exposure and isolate affected devices from critical systems if possible. …

Threat intelligence, references, and detailed analysis are available after sign-in.

More from same product – last 7 days

CVE-2026-38065 CRITICAL Act Now

9.8 Jun 15

Tenda 5G03 V05.03.02.04 (Version 1.0) is vulnerable to Command injection in the function action_ims_on_with_apn via the

CVE-2026-38060 CRITICAL Act Now

9.8 Jun 15

Tenda 5G03 V05.03.02.04 (Version 1.0) is vulnerable to Command injection in the function action_unlock_sim via the pin p

CVE-2026-38061 CRITICAL Act Now

9.8 Jun 15

Tenda 5G03 V05.03.02.04 (Version 1.0) is vulnerable to Command injection in the function action_set_volume via the volum

CVE-2026-38062 CRITICAL Act Now

9.8 Jun 15

Tenda 5G03 V05.03.02.04 (Version 1.0) is vulnerable to Command injection in the function action_set_rat_mode via the rat

CVE-2026-38063 CRITICAL Act Now

9.8 Jun 15

Tenda 5G03 V05.03.02.04 (Version 1.0) is vulnerable to Command injection in the function action_radio_on_with_ia_apn via

CVE-2026-4490 vulnerability details – vuln.today

Back

Tenda CVE-2026-4490

Severity by source

CVSS VectorNVD

Lifecycle Timeline

DescriptionCVE.org

AnalysisAI

Unlock full vulnerability intelligence

Attack ChainAIDerived

Vulnerability AssessmentAI

Recommended ActionAI

More from same product – last 7 days

Share

External POC / Exploit Code