CVE-2026-2202
8.8 HIGH · Published 2026-02-09 · Modified 2026-02-09 · Undergoing Analysis
Quick Summary
A buffer overflow vulnerability exists in the Tenda AC8 router's web interface. Attackers can remotely crash the device or execute malicious code by sending specially crafted network requests.
Who is affected
Users of Tenda AC8 routers with firmware version 16.03.33.05 are affected. A successful exploit could allow an attacker to take full control of the router.
Recommended fix
Immediately upgrade the router's firmware to a version newer than 16.03.33.05. If no patch is available, disable remote administration and the guest Wi-Fi feature as a temporary workaround.
Technical Description
A vulnerability was detected in Tenda AC8 16.03.33.05. Affected is the function fromSetWifiGusetBasic of the file /goform/WifiGuestSet of the component httpd. The manipulation of the argument shareSpeed results in buffer overflow. The attack may be launched remotely. The exploit is now public and may be used.
CVSS Details
Attack Vector: NETWORK
Complexity: LOW
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-119, CWE-120
References
- https://github.com/SunnyYANGyaya/cuicuishark-sheep-fishIOT/blob/main/Tenda/AC8/WifiGuestSet-sharespeed-bufferoverflow.md
- https://github.com/SunnyYANGyaya/cuicuishark-sheep-fishIOT/blob/main/Tenda/AC8/WifiGuestSet-sharespeed-bufferoverflow.md#poc
- https://vuldb.com/?ctiid.344905
- https://vuldb.com/?id.344905
- https://vuldb.com/?submit.750225
- https://www.tenda.com.cn/