Details of VAR-202602-2529

ID

VAR-202602-2529

CVE

CVE-2026-2930

TITLE

Shenzhen Tenda Technology Co.,Ltd. of A18 Multiple vulnerabilities in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2026-004661

DESCRIPTION

A vulnerability was identified in Tenda A18 15.13.07.13. The affected element is the function webCgiGetUploadFile of the file /cgi-bin/UploadCfg of the component Httpd Service. Such manipulation of the argument boundary leads to stack-based buffer overflow. The attack can be executed remotely. The exploit is publicly available and might be used. All information handled by the software may be rewritten. Furthermore, the software may stop working completely. Furthermore, attacks that exploit this vulnerability will not affect other software

Trust: 1.62

sources: NVD: CVE-2026-2930 // JVNDB: JVNDB-2026-004661

AFFECTED PRODUCTS

vendor:	tenda	model:	a18	scope:	eq	version:	15.13.07.13	Trust: 1.0
vendor:	tenda	model:	a18	scope:	-	version:	-	Trust: 0.8
vendor:	tenda	model:	a18	scope:	eq	version:	a18 firmware 15.13.07.13	Trust: 0.8
vendor:	tenda	model:	a18	scope:	eq	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2026-004661 // NVD: CVE-2026-2930

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com:	CVE-2026-2930
value:	LOW
Trust: 1.0
nvd@nist.gov:	CVE-2026-2930
value:	HIGH
Trust: 1.0
OTHER:	JVNDB-2026-004661
value:	HIGH
Trust: 0.8

cna@vuldb.com:	CVE-2026-2930
severity:	MEDIUM
baseScore:	6.5
vectorString:	AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
OTHER:	JVNDB-2026-004661
severity:	MEDIUM
baseScore:	6.5
vectorString:	AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8

cna@vuldb.com:	CVE-2026-2930
baseSeverity:	MEDIUM
baseScore:	6.3
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	LOW
exploitabilityScore:	2.8
impactScore:	3.4
version:	3.1
Trust: 1.0
nvd@nist.gov:	CVE-2026-2930
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	JVNDB-2026-004661
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2026-004661 // NVD: CVE-2026-2930 // NVD: CVE-2026-2930

PROBLEMTYPE DATA

problemtype:	CWE-121	Trust: 1.0
problemtype:	CWE-119	Trust: 1.0
problemtype:	Buffer error (CWE-119) [ others ]	Trust: 0.8
problemtype:	Stack-based buffer overflow (CWE-121) [ others ]	Trust: 0.8

sources: JVNDB: JVNDB-2026-004661 // NVD: CVE-2026-2930

PATCH

title:

Tenda A18 V15.13.07.13 Stack-based Buffer Overflow

url:

https://vuldb.com/?id.347277

Trust: 0.8

sources: JVNDB: JVNDB-2026-004661

EXTERNAL IDS

db:	NVD	id:	CVE-2026-2930	Trust: 2.6
db:	VULDB	id:	347277	Trust: 1.0
db:	JVNDB	id:	JVNDB-2026-004661	Trust: 0.8

sources: JVNDB: JVNDB-2026-004661 // NVD: CVE-2026-2930

REFERENCES

url:	https://www.tenda.com.cn/	Trust: 1.8
url:	https://github.com/master-abc/cve/issues/40	Trust: 1.8
url:	https://vuldb.com/?ctiid.347277	Trust: 1.0
url:	https://vuldb.com/?id.347277	Trust: 1.0
url:	https://vuldb.com/?submit.755227	Trust: 1.0
url:	https://nvd.nist.gov/vuln/detail/cve-2026-2930	Trust: 0.8

sources: JVNDB: JVNDB-2026-004661 // NVD: CVE-2026-2930

SOURCES

db:	JVNDB	id:	JVNDB-2026-004661
db:	NVD	id:	CVE-2026-2930

LAST UPDATE DATE

2026-02-26T23:35:57.581000+00:00

SOURCES UPDATE DATE

db:	JVNDB	id:	JVNDB-2026-004661	date:	2026-02-25T03:37:00
db:	NVD	id:	CVE-2026-2930	date:	2026-02-23T20:19:16.723

SOURCES RELEASE DATE

db:	JVNDB	id:	JVNDB-2026-004661	date:	2026-02-25T00:00:00
db:	NVD	id:	CVE-2026-2930	date:	2026-02-22T07:16:15.023