EUVD-2026-14343
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
5Tags
Description
A vulnerability was detected in Tenda AC21 16.03.08.16. Impacted is the function formSetQosBand of the file /goform/SetNetControlList. Performing a manipulation of the argument list results in buffer overflow. The attack can be initiated remotely. The exploit is now public and may be used.
Analysis
Buffer overflow in Tenda AC21 firmware version 16.03.08.16 allows authenticated remote attackers to achieve complete system compromise through crafted QoS configuration requests to the SetNetControlList endpoint. Public exploit code exists for this vulnerability, and no patch is currently available. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 24 hours: Identify and inventory all Tenda AC21 routers running firmware 16.03.08.16 in your environment; verify network segmentation restricts router management access to authorized personnel only. Within 7 days: Disable remote management features on affected routers if operationally feasible; restrict administrative access to the /goform/SetNetControlList endpoint to trusted internal networks only using firewall rules. …
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today