Sign-up

ID

VAR-202601-4247


CVE

CVE-2026-1637


TITLE

Shenzhen Tenda Technology Co.,Ltd. of ac21  Multiple vulnerabilities in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2026-003163

DESCRIPTION

A vulnerability was identified in Tenda AC21 16.03.08.16. The affected element is the function fromAdvSetMacMtuWan of the file /goform/AdvSetMacMtuWan. The manipulation leads to stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit is publicly available and might be used. The affected elements are files /goform/AdvSetMacMtuWan Functions in fromAdvSetMacMtuWan This action results in a stack-based buffer overflow that can be exploited remotely. All information handled by the software may be rewritten. Furthermore, the software may stop working completely. Furthermore, attacks that exploit this vulnerability will not affect other software

Trust: 1.62

sources: NVD: CVE-2026-1637 // JVNDB: JVNDB-2026-003163

AFFECTED PRODUCTS

vendor:tendamodel:ac21scope:eqversion:16.03.08.16

Trust: 1.0

vendor:tendamodel:ac21scope:eqversion: -

Trust: 0.8

vendor:tendamodel:ac21scope: - version: -

Trust: 0.8

vendor:tendamodel:ac21scope:eqversion:ac21 firmware 16.03.08.16

Trust: 0.8

sources: JVNDB: JVNDB-2026-003163 // NVD: CVE-2026-1637

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com: CVE-2026-1637
value: HIGH

Trust: 1.0

OTHER: JVNDB-2026-003163
value: HIGH

Trust: 0.8

cna@vuldb.com: CVE-2026-1637
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

OTHER: JVNDB-2026-003163
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

cna@vuldb.com: CVE-2026-1637
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

OTHER: JVNDB-2026-003163
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2026-003163 // NVD: CVE-2026-1637

PROBLEMTYPE DATA

problemtype:CWE-121

Trust: 1.0

problemtype:CWE-119

Trust: 1.0

problemtype:Buffer error (CWE-119) [ others ]

Trust: 0.8

problemtype: Stack-based buffer overflow (CWE-121) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2026-003163 // NVD: CVE-2026-1637

PATCH

title:Tenda AC21 V16.03.08.16 Buffer Overflowurl:https://vuldb.com/?id.343416

Trust: 0.8

sources: JVNDB: JVNDB-2026-003163

EXTERNAL IDS

db:NVDid:CVE-2026-1637

Trust: 2.6

db:VULDBid:343416

Trust: 1.0

db:JVNDBid:JVNDB-2026-003163

Trust: 0.8

sources: JVNDB: JVNDB-2026-003163 // NVD: CVE-2026-1637

REFERENCES

url:https://www.tenda.com.cn/

Trust: 1.8

url:https://vuldb.com/?submit.740865

Trust: 1.0

url:https://vuldb.com/?ctiid.343416

Trust: 1.0

url:https://vuldb.com/?id.343416

Trust: 1.0

url:https://github.com/lx-lx88/cve/issues/25

Trust: 1.0

url:https://nvd.nist.gov/vuln/detail/cve-2026-1637

Trust: 0.8

sources: JVNDB: JVNDB-2026-003163 // NVD: CVE-2026-1637

SOURCES

db:JVNDBid:JVNDB-2026-003163
db:NVDid:CVE-2026-1637

LAST UPDATE DATE

2026-02-12T23:40:23.183000+00:00


SOURCES UPDATE DATE

db:JVNDBid:JVNDB-2026-003163date:2026-02-12T07:37:00
db:NVDid:CVE-2026-1637date:2026-02-10T15:13:38.820

SOURCES RELEASE DATE

db:JVNDBid:JVNDB-2026-003163date:2026-02-12T00:00:00
db:NVDid:CVE-2026-1637date:2026-01-29T23:16:11.473