{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-4492", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2026-03-20T08:32:47.474Z", "datePublished": "2026-03-20T17:02:21.363Z", "dateUpdated": "2026-03-20T18:06:43.185Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-03-20T17:02:21.363Z"}, "title": "Tenda A18 Pro formSetQosBand set_qosMib_list stack-based overflow", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-121", "lang": "en", "description": "Stack-based Buffer Overflow"}]}, {"descriptions": [{"type": "CWE", "cweId": "CWE-119", "lang": "en", "description": "Memory Corruption"}]}], "affected": [{"vendor": "Tenda", "product": "A18 Pro", "versions": [{"version": "02.03.02.28", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in Tenda A18 Pro 02.03.02.28. The affected element is the function set_qosMib_list of the file /goform/formSetQosBand. Performing a manipulation of the argument list results in stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit has been made public and could be used."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 8.7, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P", "baseSeverity": "HIGH"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R", "baseSeverity": "HIGH"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R", "baseSeverity": "HIGH"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 9, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR"}}], "timeline": [{"time": "2026-03-20T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2026-03-20T01:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2026-03-20T09:38:04.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "lilukun (VulDB User)", "type": "reporter"}], "references": [{"url": "https://vuldb.com/?id.352018", "name": "VDB-352018 | Tenda A18 Pro formSetQosBand set_qosMib_list stack-based overflow", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.352018", "name": "VDB-352018 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.773682", "name": "Submit #773682 | Tenda A18pro V02.03.02.28 Stack-based Buffer Overflow", "tags": ["third-party-advisory"]}, {"url": "https://github.com/lilukun337/cve/issues/4", "tags": ["exploit", "issue-tracking"]}, {"url": "https://www.tenda.com.cn/", "tags": ["product"]}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-20T17:32:48.672199Z", "id": "CVE-2026-4492", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-20T18:06:43.185Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-4492", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-03-20T17:32:48.672199Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-20T17:32:54.928Z"}}], "cna": {"title": "Tenda A18 Pro formSetQosBand set_qosMib_list stack-based overflow", "credits": [{"lang": "en", "type": "reporter", "value": "lilukun (VulDB User)"}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 8.7, "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 9, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR"}}], "affected": [{"vendor": "Tenda", "product": "A18 Pro", "versions": [{"status": "affected", "version": "02.03.02.28"}]}], "timeline": [{"lang": "en", "time": "2026-03-20T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2026-03-20T01:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2026-03-20T09:38:04.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/?id.352018", "name": "VDB-352018 | Tenda A18 Pro formSetQosBand set_qosMib_list stack-based overflow", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.352018", "name": "VDB-352018 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.773682", "name": "Submit #773682 | Tenda A18pro V02.03.02.28 Stack-based Buffer Overflow", "tags": ["third-party-advisory"]}, {"url": "https://github.com/lilukun337/cve/issues/4", "tags": ["exploit", "issue-tracking"]}, {"url": "https://www.tenda.com.cn/", "tags": ["product"]}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in Tenda A18 Pro 02.03.02.28. The affected element is the function set_qosMib_list of the file /goform/formSetQosBand. Performing a manipulation of the argument list results in stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit has been made public and could be used."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-121", "description": "Stack-based Buffer Overflow"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-119", "description": "Memory Corruption"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-03-20T17:02:21.363Z"}}}, "cveMetadata": {"cveId": "CVE-2026-4492", "state": "PUBLISHED", "dateUpdated": "2026-03-20T18:06:43.185Z", "dateReserved": "2026-03-20T08:32:47.474Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2026-03-20T17:02:21.363Z", "assignerShortName": "VulDB"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability was found in Tenda A18 Pro 02.03.02.28. The affected element is the function set_qosMib_list of the file /goform/formSetQosBand. Performing a manipulation of the argument list results in stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit has been made public and could be used."}, {"lang": "es", "value": "Una vulnerabilidad fue encontrada en Tenda A18 Pro 02.03.02.28. El elemento afectado es la funci\u00f3n set_qosMib_list del archivo /goform/formSetQosBand. Realizar una manipulaci\u00f3n del argumento list resulta en desbordamiento de b\u00fafer basado en pila. El ataque es posible de ser llevado a cabo remotamente. El exploit ha sido hecho p\u00fablico y podr\u00eda ser usado."}], "id": "CVE-2026-4492", "lastModified": "2026-04-22T21:32:08.360", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "cna@vuldb.com", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "PROOF_OF_CONCEPT", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2026-03-20T18:16:17.383", "references": [{"source": "cna@vuldb.com", "url": "https://github.com/lilukun337/cve/issues/4"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?ctiid.352018"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?id.352018"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?submit.773682"}, {"source": "cna@vuldb.com", "url": "https://www.tenda.com.cn/"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}, {"lang": "en", "value": "CWE-121"}], "source": "cna@vuldb.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "02.03.02.28"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "product": "a18_pro", "vendor": "tenda"}], "analysis": {"en": {"generated_at": "2026-03-20T18:21:50.531192+00:00", "value": {"mitigation_remediation": ["Apply the latest firmware update that addresses the stack-based overflow in /goform/formSetQosBand, preferably version 02.03.02.29 or later.", "If a patch is not yet available, restrict or disable remote management interfaces that expose the formSetQosBand endpoint.", "Monitor inbound traffic for unusually crafted requests to /goform/formSetQosBand and block or alert on such activity."], "summary": {"action": "Immediate Patch", "impact": "Remote Code Execution"}, "threat_synthesis": {"affected_systems": "The fault is present in the Tenda A18 Pro model with firmware version 02.03.02.28. No other versions are listed as affected in the available data.", "description_and_impact": "A stack\u2011based buffer overflow exists in the set_qosMib_list handler of the Tenda A18 Pro firmware. By manipulating the argument list passed to the /goform/formSetQosBand endpoint, an attacker can overflow the stack and trigger arbitrary code execution. The flaw allows a remote adversary to compromise the device\u2019s confidentiality, integrity, and availability, potentially enabling full device takeover.", "risk_and_exploitability": "The CVSS v3.1 score of 8.7 indicates high severity. EPSS information is unavailable and the vulnerability is not yet listed in CISA\u2019s KEV catalog. The attack vector is remote, accessible via the web interface\u2019s formSetQosBand URL. A public exploit exists, raising the likelihood that attackers could already be leveraging this flaw in the field."}}}}, "created": "2026-03-23T09:53:10.354374+00:00", "updated": "2026-03-25T14:28:59.273435+00:00", "vendors": ["tenda", "tenda$PRODUCT$a18_pro"]}