{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-1637", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2026-01-29T16:56:17.581Z", "datePublished": "2026-01-29T22:32:07.685Z", "dateUpdated": "2026-02-23T09:07:49.829Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-02-23T09:07:49.829Z"}, "title": "Tenda AC21 AdvSetMacMtuWan fromAdvSetMacMtuWan stack-based overflow", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-121", "lang": "en", "description": "Stack-based Buffer Overflow"}]}, {"descriptions": [{"type": "CWE", "cweId": "CWE-119", "lang": "en", "description": "Memory Corruption"}]}], "affected": [{"vendor": "Tenda", "product": "AC21", "versions": [{"version": "16.03.08.16", "status": "affected"}], "cpes": ["cpe:2.3:o:tenda:ac21_firmware:*:*:*:*:*:*:*:*"]}], "descriptions": [{"lang": "en", "value": "A vulnerability was identified in Tenda AC21 16.03.08.16. The affected element is the function fromAdvSetMacMtuWan of the file /goform/AdvSetMacMtuWan. The manipulation leads to stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit is publicly available and might be used."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 8.7, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P", "baseSeverity": "HIGH"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R", "baseSeverity": "HIGH"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R", "baseSeverity": "HIGH"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 9, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR"}}], "timeline": [{"time": "2026-01-29T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2026-01-29T01:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2026-02-04T03:53:45.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "LX-LX (VulDB User)", "type": "reporter"}], "references": [{"url": "https://vuldb.com/?id.343416", "name": "VDB-343416 | Tenda AC21 AdvSetMacMtuWan fromAdvSetMacMtuWan stack-based overflow", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.343416", "name": "VDB-343416 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.740865", "name": "Submit #740865 | Tenda AC21 V16.03.08.16 Buffer Overflow", "tags": ["third-party-advisory"]}, {"url": "https://github.com/LX-LX88/cve/issues/25", "tags": ["broken-link", "exploit", "issue-tracking"]}, {"url": "https://www.tenda.com.cn/", "tags": ["product"]}]}, "adp": [{"references": [{"url": "https://github.com/LX-LX88/cve/issues/25", "tags": ["exploit"]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-01-30T14:36:34.085802Z", "id": "CVE-2026-1637", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-02T16:33:53.523Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-1637", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-01-30T14:36:34.085802Z"}}}], "references": [{"url": "https://github.com/LX-LX88/cve/issues/25", "tags": ["exploit"]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-30T14:36:44.428Z"}}], "cna": {"title": "Tenda AC21 AdvSetMacMtuWan fromAdvSetMacMtuWan stack-based overflow", "credits": [{"lang": "en", "type": "reporter", "value": "LX-LX (VulDB User)"}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 8.7, "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 9, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR"}}], "affected": [{"cpes": ["cpe:2.3:o:tenda:ac21_firmware:*:*:*:*:*:*:*:*"], "vendor": "Tenda", "product": "AC21", "versions": [{"status": "affected", "version": "16.03.08.16"}]}], "timeline": [{"lang": "en", "time": "2026-01-29T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2026-01-29T01:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2026-02-04T03:53:45.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/?id.343416", "name": "VDB-343416 | Tenda AC21 AdvSetMacMtuWan fromAdvSetMacMtuWan stack-based overflow", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.343416", "name": "VDB-343416 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.740865", "name": "Submit #740865 | Tenda AC21 V16.03.08.16 Buffer Overflow", "tags": ["third-party-advisory"]}, {"url": "https://github.com/LX-LX88/cve/issues/25", "tags": ["broken-link", "exploit", "issue-tracking"]}, {"url": "https://www.tenda.com.cn/", "tags": ["product"]}], "descriptions": [{"lang": "en", "value": "A vulnerability was identified in Tenda AC21 16.03.08.16. The affected element is the function fromAdvSetMacMtuWan of the file /goform/AdvSetMacMtuWan. The manipulation leads to stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit is publicly available and might be used."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-121", "description": "Stack-based Buffer Overflow"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-119", "description": "Memory Corruption"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-02-23T09:07:49.829Z"}}}, "cveMetadata": {"cveId": "CVE-2026-1637", "state": "PUBLISHED", "dateUpdated": "2026-02-23T09:07:49.829Z", "dateReserved": "2026-01-29T16:56:17.581Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2026-01-29T22:32:07.685Z", "assignerShortName": "VulDB"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:tenda:ac21_firmware:16.03.08.16:*:*:*:*:*:*:*", "matchCriteriaId": "089AC516-5475-4725-B348-832A00ED0CC3", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:tenda:ac21:-:*:*:*:*:*:*:*", "matchCriteriaId": "05B05222-6E83-487C-A083-CED82D803330", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability was identified in Tenda AC21 16.03.08.16. The affected element is the function fromAdvSetMacMtuWan of the file /goform/AdvSetMacMtuWan. The manipulation leads to stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit is publicly available and might be used."}, {"lang": "es", "value": "Una vulnerabilidad fue identificada en Tenda AC21 16.03.08.16. El elemento afectado es la funci\u00f3n fromAdvSetMacMtuWan del archivo /goform/AdvSetMacMtuWan. La manipulaci\u00f3n conduce a un desbordamiento de b\u00fafer basado en pila. La explotaci\u00f3n remota del ataque es posible. El exploit est\u00e1 disponible p\u00fablicamente y podr\u00eda ser utilizado."}], "id": "CVE-2026-1637", "lastModified": "2026-02-10T15:13:38.820", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "cna@vuldb.com", "type": "Secondary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "PROOF_OF_CONCEPT", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2026-01-29T23:16:11.473", "references": [{"source": "cna@vuldb.com", "tags": ["Broken Link"], "url": "https://github.com/LX-LX88/cve/issues/25"}, {"source": "cna@vuldb.com", "tags": ["Permissions Required", "VDB Entry"], "url": "https://vuldb.com/?ctiid.343416"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/?id.343416"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/?submit.740865"}, {"source": "cna@vuldb.com", "tags": ["Product"], "url": "https://www.tenda.com.cn/"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Broken Link"], "url": "https://github.com/LX-LX88/cve/issues/25"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}, {"lang": "en", "value": "CWE-121"}], "source": "cna@vuldb.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-18T01:15:56.660844+00:00", "value": {"mitigation_remediation": ["Upgrade the firmware to the latest AC21 release that includes the stack\u2011buffer overflow fix.", "Restrict access to the device\u2019s web interface to trusted networks or IP addresses to reduce exposure to remote attackers.", "As a temporary measure, block or filter requests to the /goform/AdvSetMacMtuWan endpoint on the router or at the network boundary to prevent the overflow exploit from being triggered."], "summary": {"action": "Immediate Patch", "impact": "Remote Code Execution"}, "threat_synthesis": {"affected_systems": "Tenda AC21 routers running firmware version 16.03.08.16 are affected. Devices with the AC21 model and the specified firmware build are the only ones listed as vulnerable. No other firmware versions or models are known to be affected at this time.", "description_and_impact": "The vulnerability is a stack-based buffer overflow in the fromAdvSetMacMtuWan function located at /goform/AdvSetMacMtuWan in the firmware of Tenda AC21. This flaw allows an attacker to manipulate input to overflow a buffer on the stack, potentially leading to arbitrary code execution or denial of service. The problem is classified as a stack overflow (CWE-119) and buffer overrun (CWE-121).", "risk_and_exploitability": "The CVSS score of 8.7 indicates a high severity vulnerability, and the EPSS score of less than 1% indicates a low probability of exploitation in the wild. The flaw is not currently listed in the CISA KEV catalog. Remote exploitation requires reaching the /goform/AdvSetMacMtuWan endpoint and sending a specially crafted payload that overflows the stack. Once executed, the payload could allow an attacker to run arbitrary commands with the privileges of the web interface, potentially compromising the entire device."}}}}, "created": "2026-01-30T08:42:29.059946+00:00", "updated": "2026-04-18T01:30:16.028143+00:00", "vendors": ["tenda", "tenda$PRODUCT$ac21"]}