Details of VAR-202602-0396

ID

VAR-202602-0396

CVE

CVE-2026-2148

TITLE

Shenzhen Tenda Technology Co.,Ltd. of ac21 Multiple vulnerabilities in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2026-003124

DESCRIPTION

A security vulnerability has been detected in Tenda AC21 16.03.08.16. Affected is an unknown function of the file /cgi-bin/DownloadFlash of the component Web Management Interface. The manipulation leads to information disclosure. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and may be used. In addition, information handled by the software will not be rewritten. Furthermore, the software will not stop. Furthermore, attacks exploiting this vulnerability will not affect other software

Trust: 1.62

sources: NVD: CVE-2026-2148 // JVNDB: JVNDB-2026-003124

AFFECTED PRODUCTS

vendor:	tenda	model:	ac21	scope:	eq	version:	16.03.08.16	Trust: 1.0
vendor:	tenda	model:	ac21	scope:	eq	version:	-	Trust: 0.8
vendor:	tenda	model:	ac21	scope:	-	version:	-	Trust: 0.8
vendor:	tenda	model:	ac21	scope:	eq	version:	ac21 firmware 16.03.08.16	Trust: 0.8

sources: JVNDB: JVNDB-2026-003124 // NVD: CVE-2026-2148

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com:	CVE-2026-2148
value:	MEDIUM
Trust: 1.0
nvd@nist.gov:	CVE-2026-2148
value:	HIGH
Trust: 1.0
OTHER:	JVNDB-2026-003124
value:	HIGH
Trust: 0.8

cna@vuldb.com:	CVE-2026-2148
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
OTHER:	JVNDB-2026-003124
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8

cna@vuldb.com:	CVE-2026-2148
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	1.4
version:	3.1
Trust: 1.0
nvd@nist.gov:	CVE-2026-2148
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	JVNDB-2026-003124
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2026-003124 // NVD: CVE-2026-2148 // NVD: CVE-2026-2148

PROBLEMTYPE DATA

problemtype:	CWE-284	Trust: 1.0
problemtype:	CWE-200	Trust: 1.0
problemtype:	information leak (CWE-200) [ others ]	Trust: 0.8
problemtype:	Inappropriate access control (CWE-284) [ others ]	Trust: 0.8

sources: JVNDB: JVNDB-2026-003124 // NVD: CVE-2026-2148

PATCH

title:

//vuldb.com/?submit.747557

url:

https://github.com/master-abc/cve/issues/27

Trust: 0.8

sources: JVNDB: JVNDB-2026-003124

EXTERNAL IDS

db:	NVD	id:	CVE-2026-2148	Trust: 2.6
db:	VULDB	id:	344850	Trust: 1.0
db:	JVNDB	id:	JVNDB-2026-003124	Trust: 0.8

sources: JVNDB: JVNDB-2026-003124 // NVD: CVE-2026-2148

REFERENCES

url:	https://www.tenda.com.cn/	Trust: 1.8
url:	https://vuldb.com/?id.344850	Trust: 1.0
url:	https://vuldb.com/?submit.747557	Trust: 1.0
url:	https://github.com/master-abc/cve/issues/27	Trust: 1.0
url:	https://vuldb.com/?ctiid.344850	Trust: 1.0
url:	https://nvd.nist.gov/vuln/detail/cve-2026-2148	Trust: 0.8

sources: JVNDB: JVNDB-2026-003124 // NVD: CVE-2026-2148

SOURCES

db:	JVNDB	id:	JVNDB-2026-003124
db:	NVD	id:	CVE-2026-2148

LAST UPDATE DATE

2026-02-12T23:38:26.046000+00:00

SOURCES UPDATE DATE

db:	JVNDB	id:	JVNDB-2026-003124	date:	2026-02-12T07:26:00
db:	NVD	id:	CVE-2026-2148	date:	2026-02-10T18:51:48.687

SOURCES RELEASE DATE

db:	JVNDB	id:	JVNDB-2026-003124	date:	2026-02-12T00:00:00
db:	NVD	id:	CVE-2026-2148	date:	2026-02-08T11:15:51.800