{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-2877", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2026-02-20T16:13:16.150Z", "datePublished": "2026-02-21T18:32:08.125Z", "dateUpdated": "2026-02-23T15:40:18.876Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-02-21T18:32:08.125Z"}, "title": "Tenda A18 Httpd Service WifiExtraSet strcpy stack-based overflow", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-121", "lang": "en", "description": "Stack-based Buffer Overflow"}]}, {"descriptions": [{"type": "CWE", "cweId": "CWE-119", "lang": "en", "description": "Memory Corruption"}]}], "affected": [{"vendor": "Tenda", "product": "A18", "versions": [{"version": "15.13.07.13", "status": "affected"}], "modules": ["Httpd Service"]}], "descriptions": [{"lang": "en", "value": "A vulnerability has been found in Tenda A18 15.13.07.13. This affects the function strcpy of the file /goform/WifiExtraSet of the component Httpd Service. The manipulation of the argument wpapsk_crypto5g leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 8.7, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P", "baseSeverity": "HIGH"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R", "baseSeverity": "HIGH"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R", "baseSeverity": "HIGH"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 9, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR"}}], "timeline": [{"time": "2026-02-20T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2026-02-20T01:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2026-02-20T17:18:21.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "942384053 (VulDB User)", "type": "reporter"}], "references": [{"url": "https://vuldb.com/?id.347130", "name": "VDB-347130 | Tenda A18 Httpd Service WifiExtraSet strcpy stack-based overflow", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.347130", "name": "VDB-347130 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.754703", "name": "Submit #754703 | Tenda A18 V15.13.07.13 Stack-based Buffer Overflow", "tags": ["third-party-advisory"]}, {"url": "https://github.com/master-abc/cve/issues/39", "tags": ["exploit", "issue-tracking"]}, {"url": "https://www.tenda.com.cn/", "tags": ["product"]}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-02-23T15:39:52.225788Z", "id": "CVE-2026-2877", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-23T15:40:18.876Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-2877", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-02-23T15:39:52.225788Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-23T15:40:11.273Z"}}], "cna": {"title": "Tenda A18 Httpd Service WifiExtraSet strcpy stack-based overflow", "credits": [{"lang": "en", "type": "reporter", "value": "942384053 (VulDB User)"}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 8.7, "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 9, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR"}}], "affected": [{"vendor": "Tenda", "modules": ["Httpd Service"], "product": "A18", "versions": [{"status": "affected", "version": "15.13.07.13"}]}], "timeline": [{"lang": "en", "time": "2026-02-20T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2026-02-20T01:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2026-02-20T17:18:21.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/?id.347130", "name": "VDB-347130 | Tenda A18 Httpd Service WifiExtraSet strcpy stack-based overflow", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.347130", "name": "VDB-347130 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.754703", "name": "Submit #754703 | Tenda A18 V15.13.07.13 Stack-based Buffer Overflow", "tags": ["third-party-advisory"]}, {"url": "https://github.com/master-abc/cve/issues/39", "tags": ["exploit", "issue-tracking"]}, {"url": "https://www.tenda.com.cn/", "tags": ["product"]}], "descriptions": [{"lang": "en", "value": "A vulnerability has been found in Tenda A18 15.13.07.13. This affects the function strcpy of the file /goform/WifiExtraSet of the component Httpd Service. The manipulation of the argument wpapsk_crypto5g leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-121", "description": "Stack-based Buffer Overflow"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-119", "description": "Memory Corruption"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-02-21T18:32:08.125Z"}}}, "cveMetadata": {"cveId": "CVE-2026-2877", "state": "PUBLISHED", "dateUpdated": "2026-02-23T15:40:18.876Z", "dateReserved": "2026-02-20T16:13:16.150Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2026-02-21T18:32:08.125Z", "assignerShortName": "VulDB"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:tenda:a18_firmware:15.13.07.13:*:*:*:*:*:*:*", "matchCriteriaId": "88459A72-340E-4C7A-8C32-C5F6645F5ED4", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:tenda:a18:-:*:*:*:*:*:*:*", "matchCriteriaId": "20146A03-30B3-4BFF-83DA-DEDBF6850A6B", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability has been found in Tenda A18 15.13.07.13. This affects the function strcpy of the file /goform/WifiExtraSet of the component Httpd Service. The manipulation of the argument wpapsk_crypto5g leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used."}], "id": "CVE-2026-2877", "lastModified": "2026-02-23T20:09:24.240", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "cna@vuldb.com", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "PROOF_OF_CONCEPT", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2026-02-21T19:15:58.940", "references": [{"source": "cna@vuldb.com", "tags": ["Issue Tracking"], "url": "https://github.com/master-abc/cve/issues/39"}, {"source": "cna@vuldb.com", "tags": ["Permissions Required", "VDB Entry"], "url": "https://vuldb.com/?ctiid.347130"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/?id.347130"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/?submit.754703"}, {"source": "cna@vuldb.com", "tags": ["Product"], "url": "https://www.tenda.com.cn/"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}, {"lang": "en", "value": "CWE-121"}], "source": "cna@vuldb.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "15.13.07.13"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "A18", "source": "cna", "vendor": "Tenda"}, "product": "a18", "vendor": "tenda"}], "analysis": {"en": {"generated_at": "2026-04-18T11:17:23.548619+00:00", "value": {"mitigation_remediation": ["Download and install the latest Tenda firmware that contains a fix for the stack overflow; if no update is available, contact Tenda support for guidance.", "Configure the router\u2019s firewall or network ACL to block HTTP requests containing the wpapsk_crypto5g parameter or to the /goform/WifiExtraSet URL, effectively disabling the vulnerable function.", "Restrict management access to the router\u2019s administrative interface to the local network only, and disable remote administration features if they are enabled.", "Monitor system logs for repeated attempts to reach /goform/WifiExtraSet and alert on suspicious activity."], "summary": {"action": "Apply patch", "impact": "Stack-based buffer overflow enabling remote code execution"}, "threat_synthesis": {"affected_systems": "The vulnerability affects the Tenda A18 router model running firmware version 15.13.07.13. The hardware and its associated firmware are impacted.", "description_and_impact": "A stack-based buffer overflow exists in the Httpd Service of Tenda A18, triggered by the strcpy operation on the wpapsk_crypto5g argument within the WifiExtraSet function. The flaw allows a remote attacker to corrupt the stack, which could lead to arbitrary code execution or denial of service. The weakness is classified as CWE-119 (Improper Restriction of Operations within the Bounds of a Buffer) and CWE-121 (Stack-based Buffer Overflow).", "risk_and_exploitability": "The CVSS base score of 8.7 reflects high severity, while the EPSS score of less than 1% signals a very low likelihood of exploitation at present. The vulnerability is not listed in the CISA KEV catalog, suggesting no widespread known exploitation. The attack vector is remote, accessed via the Httpd Service, requiring the ability to send crafted parameters to the /goform/WifiExtraSet endpoint. Based on the description, it is inferred that the attacker does not need administrative credentials to trigger the flaw."}}}}, "created": "2026-02-23T14:31:46.115393+00:00", "updated": "2026-04-18T11:30:44.307800+00:00", "vendors": ["tenda", "tenda$PRODUCT$a18"]}