Tenda A21 SetOnlineDevName set_device_name stack-based overflow

A weakness has been identified in Tenda A21 1.0.0.0. This affects the function set_device_name of the file /goform/SetOnlineDevName. This manipulation of the argument devName causes stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be used for attacks.

Problem type

Affected products

Tenda

A21

1.0.0.0 - AFFECTED

References

VDB-347180 | Tenda A21 SetOnlineDevName set_device_name stack-based overflow

https://vuldb.com/?id.347180

vdb-entrytechnical-description

VDB-347180 | CTI Indicators (IOB, IOC, IOA)

https://vuldb.com/?ctiid.347180

signaturepermissions-required

Submit #754640 | Tenda A21 V1.0.0.0 Stack-based Buffer Overflow

https://vuldb.com/?submit.754640

third-party-advisory

github.com

https://github.com/QIU-DIE/cve-nneeww/issues/6

exploitissue-tracking

tenda.com.cn

https://www.tenda.com.cn/

product

GitHub Security Advisories

GHSA-mr72-9cxv-g662

A weakness has been identified in Tenda A21 1.0.0.0. This affects the function set_device_name of...

https://github.com/advisories/GHSA-mr72-9cxv-g662

nvd.nist.gov

https://nvd.nist.gov/vuln/detail/CVE-2026-2886

github.com

https://github.com/QIU-DIE/cve-nneeww/issues/6

vuldb.com

https://vuldb.com/?ctiid.347180

vuldb.com

https://vuldb.com/?id.347180

vuldb.com

https://vuldb.com/?submit.754640

tenda.com.cn

https://www.tenda.com.cn

github.com

https://github.com/advisories/GHSA-mr72-9cxv-g662

JSON source

https://cveawg.mitre.org/api/cve/CVE-2026-2886

Click to expand

{
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "cveMetadata": {
    "cveId": "CVE-2026-2886",
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "dateUpdated": "2026-02-21T21:02:11.930Z",
    "dateReserved": "2026-02-20T17:04:45.674Z",
    "datePublished": "2026-02-21T21:02:11.930Z",
    "state": "PUBLISHED"
  },
  "containers": {
    "cna": {
      "providerMetadata": {
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB",
        "dateUpdated": "2026-02-21T21:02:11.930Z"
      },
      "title": "Tenda A21 SetOnlineDevName set_device_name stack-based overflow",
      "descriptions": [
        {
          "lang": "en",
          "value": "A weakness has been identified in Tenda A21 1.0.0.0. This affects the function set_device_name of the file /goform/SetOnlineDevName. This manipulation of the argument devName causes stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be used for attacks."
        }
      ],
      "affected": [
        {
          "vendor": "Tenda",
          "product": "A21",
          "versions": [
            {
              "version": "1.0.0.0",
              "status": "affected"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "lang": "en",
              "description": "Stack-based Buffer Overflow",
              "cweId": "CWE-121",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "lang": "en",
              "description": "Memory Corruption",
              "cweId": "CWE-119",
              "type": "CWE"
            }
          ]
        }
      ],
      "references": [
        {
          "url": "https://vuldb.com/?id.347180",
          "name": "VDB-347180 | Tenda A21 SetOnlineDevName set_device_name stack-based overflow",
          "tags": [
            "vdb-entry",
            "technical-description"
          ]
        },
        {
          "url": "https://vuldb.com/?ctiid.347180",
          "name": "VDB-347180 | CTI Indicators (IOB, IOC, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ]
        },
        {
          "url": "https://vuldb.com/?submit.754640",
          "name": "Submit #754640 | Tenda A21 V1.0.0.0 Stack-based Buffer Overflow",
          "tags": [
            "third-party-advisory"
          ]
        },
        {
          "url": "https://github.com/QIU-DIE/cve-nneeww/issues/6",
          "tags": [
            "exploit",
            "issue-tracking"
          ]
        },
        {
          "url": "https://www.tenda.com.cn/",
          "tags": [
            "product"
          ]
        }
      ],
      "metrics": [
        {},
        {
          "cvssV3_1": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
            "baseScore": 8.8,
            "baseSeverity": "HIGH"
          }
        },
        {
          "cvssV3_0": {
            "version": "3.0",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
            "baseScore": 8.8,
            "baseSeverity": "HIGH"
          }
        },
        {
          "cvssV2_0": {
            "version": "2.0",
            "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
            "baseScore": 9
          }
        }
      ],
      "timeline": [
        {
          "time": "2026-02-20T00:00:00.000Z",
          "lang": "en",
          "value": "Advisory disclosed"
        },
        {
          "time": "2026-02-20T01:00:00.000Z",
          "lang": "en",
          "value": "VulDB entry created"
        },
        {
          "time": "2026-02-20T18:09:49.000Z",
          "lang": "en",
          "value": "VulDB entry last update"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "hhsw34 (VulDB User)",
          "type": "reporter"
        }
      ]
    }
  }
}