Skip to main content

Tenda EUVD-2026-13754

| CVE-2026-4493 HIGH
Stack-based Buffer Overflow (CWE-121)
2026-03-20 VulDB
Tenda Buffer Overflow Stack Overflow
7.4
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
7.4 HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

6
Re-analysis Queued
Apr 22, 2026 - 21:37 vuln.today
cvss_changed
CVSS changed
Apr 22, 2026 - 21:37 NVD
8.8 (HIGH) 7.4 (HIGH)
PoC Detected
Mar 24, 2026 - 15:54 vuln.today
Public exploit code
EUVD ID Assigned
Mar 20, 2026 - 17:45 euvd
EUVD-2026-13754
Analysis Generated
Mar 20, 2026 - 17:45 vuln.today
CVE Published
Mar 20, 2026 - 17:32 nvd
HIGH 8.8

DescriptionCVE.org

A vulnerability was determined in Tenda A18 Pro 02.03.02.28. The impacted element is the function sub_423B50 of the file /goform/setMacFilterCfg of the component MAC Filtering Configuration Endpoint. Executing a manipulation of the argument deviceList can lead to stack-based buffer overflow. The attack may be performed from remote. The exploit has been publicly disclosed and may be utilized.

AnalysisAI

Stack-based buffer overflow in Tenda A18 Pro MAC filtering configuration allows remote authenticated attackers to achieve full system compromise through manipulation of the deviceList parameter. Public exploit code exists for this vulnerability, and no patch is currently available. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts
Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Authenticate to Tenda A18 Pro admin interface
Delivery
Send crafted POST to /goform/setMacFilterCfg
Exploit
Inject oversized deviceList parameter
Execution
Overflow stack buffer in sub_423B50
Impact
Execute arbitrary code with router privileges
Sign in to reveal

Vulnerability AssessmentAI

Exploitation Requires authenticated access (PR:L) to Tenda A18 Pro firmware version 02.03.02.28. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment This vulnerability presents significant real-world risk with multiple concerning indicators. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker on the local network or with VPN access authenticates to the Tenda A18 Pro router's web interface using compromised, default, or brute-forced low-privilege credentials. They then craft a malicious HTTP request to /goform/setMacFilterCfg containing an oversized deviceList parameter designed to overflow the stack buffer in function sub_423B50. …
Remediation Check the official Tenda website (https://www.tenda.com.cn/) and contact Tenda support for firmware updates addressing this vulnerability, as no specific patched version has been publicly announced based on available references. … Detailed patch versions, workarounds, and compensating controls in full report.
Sign in to read full assessment

Recommended ActionAI

Within 24 hours: Inventory all Tenda A18 Pro routers in your environment and isolate firmware version 02.03.02.28 devices from production networks if possible. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

More from same product – last 7 days

CVE-2026-38065 CRITICAL
9.8 Jun 15

Tenda 5G03 V05.03.02.04 (Version 1.0) is vulnerable to Command injection in the function action_ims_on_with_apn via the

CVE-2026-38060 CRITICAL
9.8 Jun 15

Tenda 5G03 V05.03.02.04 (Version 1.0) is vulnerable to Command injection in the function action_unlock_sim via the pin p
CVE-2026-38061 CRITICAL
9.8 Jun 15

Tenda 5G03 V05.03.02.04 (Version 1.0) is vulnerable to Command injection in the function action_set_volume via the volum
CVE-2026-38062 CRITICAL
9.8 Jun 15

Tenda 5G03 V05.03.02.04 (Version 1.0) is vulnerable to Command injection in the function action_set_rat_mode via the rat
CVE-2026-38063 CRITICAL
9.8 Jun 15

Tenda 5G03 V05.03.02.04 (Version 1.0) is vulnerable to Command injection in the function action_radio_on_with_ia_apn via

Share

EUVD-2026-13754 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy