Sign-up

ID

VAR-202603-1972


CVE

CVE-2026-4252


TITLE

Shenzhen Tenda Technology Co.,Ltd. of AC8  Multiple vulnerabilities in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2026-010080

DESCRIPTION

A vulnerability was identified in Tenda AC8 16.03.50.11. Affected by this issue is the function check_is_ipv6 of the component IPv6 Handler. The manipulation leads to reliance on ip address for authentication. It is possible to initiate the attack remotely. The exploit is publicly available and might be used. This vulnerability allows authentication to fail. All information handled by the software may be rewritten. Furthermore, the software may stop working completely. Furthermore, attacks that exploit this vulnerability will not affect other software

Trust: 1.62

sources: NVD: CVE-2026-4252 // JVNDB: JVNDB-2026-010080

AFFECTED PRODUCTS

vendor:tendamodel:ac8scope:eqversion:16.03.50.11

Trust: 1.0

vendor:tendamodel:ac8scope:eqversion:ac8 firmware 16.03.50.11

Trust: 0.8

vendor:tendamodel:ac8scope: - version: -

Trust: 0.8

vendor:tendamodel:ac8scope:eqversion: -

Trust: 0.8

sources: JVNDB: JVNDB-2026-010080 // NVD: CVE-2026-4252

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com: CVE-2026-4252
value: HIGH

Trust: 1.0

OTHER: JVNDB-2026-010080
value: CRITICAL

Trust: 0.8

cna@vuldb.com: CVE-2026-4252
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

OTHER: JVNDB-2026-010080
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

cna@vuldb.com: CVE-2026-4252
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

OTHER: JVNDB-2026-010080
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2026-010080 // NVD: CVE-2026-4252

PROBLEMTYPE DATA

problemtype:CWE-287

Trust: 1.0

problemtype:CWE-291

Trust: 1.0

problemtype:Inappropriate authentication (CWE-287) [ others ]

Trust: 0.8

problemtype: During authentication IP Address Dependency (CWE-291) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2026-010080 // NVD: CVE-2026-4252

PATCH

title:httpsurl:https://vuldb.com/?id.351210

Trust: 0.8

sources: JVNDB: JVNDB-2026-010080

EXTERNAL IDS

db:NVDid:CVE-2026-4252

Trust: 2.6

db:VULDBid:351210

Trust: 1.0

db:JVNDBid:JVNDB-2026-010080

Trust: 0.8

sources: JVNDB: JVNDB-2026-010080 // NVD: CVE-2026-4252

REFERENCES

url:https://www.tenda.com.cn/

Trust: 1.8

url:https://github.com/digitalandrew/tenda_ac8_v5/blob/main/poc_ipv6_auth_bypass.py

Trust: 1.8

url:https://vuldb.com/?submit.771759

Trust: 1.0

url:https://vuldb.com/?id.351210

Trust: 1.0

url:https://vuldb.com/?ctiid.351210

Trust: 1.0

url:https://nvd.nist.gov/vuln/detail/cve-2026-4252

Trust: 0.8

sources: JVNDB: JVNDB-2026-010080 // NVD: CVE-2026-4252

SOURCES

db:JVNDBid:JVNDB-2026-010080
db:NVDid:CVE-2026-4252

LAST UPDATE DATE

2026-04-06T23:23:46.020000+00:00


SOURCES UPDATE DATE

db:JVNDBid:JVNDB-2026-010080date:2026-04-06T05:41:00
db:NVDid:CVE-2026-4252date:2026-04-03T19:39:21.993

SOURCES RELEASE DATE

db:JVNDBid:JVNDB-2026-010080date:2026-04-06T00:00:00
db:NVDid:CVE-2026-4252date:2026-03-16T17:16:32.057