Details of VAR-202602-2529

ID

VAR-202602-2529

CVE

CVE-2026-2930

DESCRIPTION

A vulnerability was identified in Tenda A18 15.13.07.13. The affected element is the function webCgiGetUploadFile of the file /cgi-bin/UploadCfg of the component Httpd Service. Such manipulation of the argument boundary leads to stack-based buffer overflow. The attack can be executed remotely. The exploit is publicly available and might be used.

Trust: 1.0

sources: NVD: CVE-2026-2930

AFFECTED PRODUCTS

vendor:

tenda

model:

a18

scope:

version:

15.13.07.13

Trust: 1.0

sources: NVD: CVE-2026-2930

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com:	CVE-2026-2930
value:	LOW
Trust: 1.0
nvd@nist.gov:	CVE-2026-2930
value:	HIGH
Trust: 1.0

cna@vuldb.com:	CVE-2026-2930
severity:	MEDIUM
baseScore:	6.5
vectorString:	AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0

cna@vuldb.com:	CVE-2026-2930
baseSeverity:	MEDIUM
baseScore:	6.3
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	LOW
exploitabilityScore:	2.8
impactScore:	3.4
version:	3.1
Trust: 1.0
nvd@nist.gov:	CVE-2026-2930
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 1.0

sources: NVD: CVE-2026-2930 // NVD: CVE-2026-2930

PROBLEMTYPE DATA

problemtype:	CWE-121	Trust: 1.0
problemtype:	CWE-119	Trust: 1.0

sources: NVD: CVE-2026-2930

EXTERNAL IDS

db:	VULDB	id:	347277	Trust: 1.0
db:	NVD	id:	CVE-2026-2930	Trust: 1.0

sources: NVD: CVE-2026-2930

REFERENCES

url:	https://vuldb.com/?ctiid.347277	Trust: 1.0
url:	https://www.tenda.com.cn/	Trust: 1.0
url:	https://github.com/master-abc/cve/issues/40	Trust: 1.0
url:	https://vuldb.com/?id.347277	Trust: 1.0
url:	https://vuldb.com/?submit.755227	Trust: 1.0

sources: NVD: CVE-2026-2930

SOURCES

db:

NVD

id:

CVE-2026-2930

LAST UPDATE DATE

2026-02-24T23:51:04.242000+00:00

SOURCES UPDATE DATE

db:

NVD

id:

CVE-2026-2930

date:

2026-02-23T20:19:16.723

SOURCES RELEASE DATE

db:

NVD

id:

CVE-2026-2930

date:

2026-02-22T07:16:15.023