{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-4491", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2026-03-20T08:32:43.616Z", "datePublished": "2026-03-20T16:32:18.226Z", "dateUpdated": "2026-03-20T17:01:24.970Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-03-20T16:32:18.226Z"}, "title": "Tenda A18 Pro SetIpMacBind fromSetIpMacBind stack-based overflow", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-121", "lang": "en", "description": "Stack-based Buffer Overflow"}]}, {"descriptions": [{"type": "CWE", "cweId": "CWE-119", "lang": "en", "description": "Memory Corruption"}]}], "affected": [{"vendor": "Tenda", "product": "A18 Pro", "versions": [{"version": "02.03.02.28", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability has been found in Tenda A18 Pro 02.03.02.28. Impacted is the function fromSetIpMacBind of the file /goform/SetIpMacBind. Such manipulation of the argument list leads to stack-based buffer overflow. The attack can be executed remotely. The exploit has been disclosed to the public and may be used."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 8.7, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P", "baseSeverity": "HIGH"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R", "baseSeverity": "HIGH"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R", "baseSeverity": "HIGH"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 9, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR"}}], "timeline": [{"time": "2026-03-20T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2026-03-20T01:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2026-03-20T09:38:02.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "lilukun (VulDB User)", "type": "reporter"}], "references": [{"url": "https://vuldb.com/?id.352017", "name": "VDB-352017 | Tenda A18 Pro SetIpMacBind fromSetIpMacBind stack-based overflow", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.352017", "name": "VDB-352017 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.773671", "name": "Submit #773671 | Tenda A18pro V02.03.02.28 Stack-based Buffer Overflow", "tags": ["third-party-advisory"]}, {"url": "https://github.com/lilukun337/cve/issues/3", "tags": ["exploit", "issue-tracking"]}, {"url": "https://www.tenda.com.cn/", "tags": ["product"]}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-20T17:01:19.859612Z", "id": "CVE-2026-4491", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-20T17:01:24.970Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-4491", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-03-20T17:01:19.859612Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-20T17:01:21.919Z"}}], "cna": {"title": "Tenda A18 Pro SetIpMacBind fromSetIpMacBind stack-based overflow", "credits": [{"lang": "en", "type": "reporter", "value": "lilukun (VulDB User)"}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 8.7, "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 9, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR"}}], "affected": [{"vendor": "Tenda", "product": "A18 Pro", "versions": [{"status": "affected", "version": "02.03.02.28"}]}], "timeline": [{"lang": "en", "time": "2026-03-20T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2026-03-20T01:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2026-03-20T09:38:02.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/?id.352017", "name": "VDB-352017 | Tenda A18 Pro SetIpMacBind fromSetIpMacBind stack-based overflow", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.352017", "name": "VDB-352017 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.773671", "name": "Submit #773671 | Tenda A18pro V02.03.02.28 Stack-based Buffer Overflow", "tags": ["third-party-advisory"]}, {"url": "https://github.com/lilukun337/cve/issues/3", "tags": ["exploit", "issue-tracking"]}, {"url": "https://www.tenda.com.cn/", "tags": ["product"]}], "descriptions": [{"lang": "en", "value": "A vulnerability has been found in Tenda A18 Pro 02.03.02.28. Impacted is the function fromSetIpMacBind of the file /goform/SetIpMacBind. Such manipulation of the argument list leads to stack-based buffer overflow. The attack can be executed remotely. The exploit has been disclosed to the public and may be used."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-121", "description": "Stack-based Buffer Overflow"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-119", "description": "Memory Corruption"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-03-20T16:32:18.226Z"}}}, "cveMetadata": {"cveId": "CVE-2026-4491", "state": "PUBLISHED", "dateUpdated": "2026-03-20T17:01:24.970Z", "dateReserved": "2026-03-20T08:32:43.616Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2026-03-20T16:32:18.226Z", "assignerShortName": "VulDB"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability has been found in Tenda A18 Pro 02.03.02.28. Impacted is the function fromSetIpMacBind of the file /goform/SetIpMacBind. Such manipulation of the argument list leads to stack-based buffer overflow. The attack can be executed remotely. The exploit has been disclosed to the public and may be used."}, {"lang": "es", "value": "Una vulnerabilidad ha sido encontrada en Tenda A18 Pro 02.03.02.28. Afectada es la funci\u00f3n fromSetIpMacBind del archivo /goform/SetIpMacBind. Tal manipulaci\u00f3n de la lista de argumentos lleva a desbordamiento de b\u00fafer basado en pila. El ataque puede ser ejecutado remotamente. El exploit ha sido divulgado al p\u00fablico y puede ser usado."}], "id": "CVE-2026-4491", "lastModified": "2026-04-22T21:32:08.360", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "cna@vuldb.com", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "PROOF_OF_CONCEPT", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2026-03-20T17:17:00.240", "references": [{"source": "cna@vuldb.com", "url": "https://github.com/lilukun337/cve/issues/3"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?ctiid.352017"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?id.352017"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?submit.773671"}, {"source": "cna@vuldb.com", "url": "https://www.tenda.com.cn/"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}, {"lang": "en", "value": "CWE-121"}], "source": "cna@vuldb.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "02.03.02.28"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "product": "a18_pro", "vendor": "tenda"}], "analysis": {"en": {"generated_at": "2026-03-20T18:22:12.106313+00:00", "value": {"mitigation_remediation": ["Apply the latest firmware update from Tenda that addresses the buffer overflow if one is available", "If no firmware update exists, block remote access to the /goform/SetIpMacBind endpoint using firewall rules or disable the feature in the device\u2019s configuration", "Implement network segmentation or VPN to restrict management traffic to trusted internal hosts", "Monitor device logs for anomalous activity referencing SetIpMacBind and enforce regular patching procedures"], "summary": {"action": "Immediate Patch", "impact": "Remote Code Execution"}, "threat_synthesis": {"affected_systems": "The affected product is the Tenda A18 Pro running firmware version 02.03.02.28. No other vendors, products, or versions are listed as impacted.", "description_and_impact": "A stack\u2011based buffer overflow exists in the SetIpMacBind function of the Tenda A18 Pro firmware. By sending a crafted argument list to the /goform/SetIpMacBind web form, an attacker can overflow the input buffer, corrupt the stack, and potentially execute arbitrary code with the device\u2019s privileges. The vulnerability is rooted in CWE\u2011119 (Buffer Overflow) and CWE\u2011121 (Stack\u2011Based Buffer Overflow).", "risk_and_exploitability": "The vulnerability scores a high 8.7 on the CVSS scale and is exploitable remotely through the web interface. A public exploit has been disclosed, and the absence of a known patch increases the likelihood of exploitation when the device is exposed to a network. The risk is elevated for networks that allow inbound traffic to the device\u2019s management interface."}}}}, "created": "2026-03-23T09:53:11.260499+00:00", "updated": "2026-03-25T14:29:00.229720+00:00", "vendors": ["tenda", "tenda$PRODUCT$a18_pro"]}