CVE-2026-1637Improper Restriction of Operations within the Bounds of a Memory Buffer in Ac21

CWE-119Improper Restriction of Operations within the Bounds of a Memory BufferCWE-121Stack-based Buffer Overflow3 documents3 sources
Severity
7.4HIGHNVD
EPSS
0.0%
top 88.85%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Tenda Ac21Tenda Ac21 Firmware
Timeline
PublishedJan 29
Latest updateJan 30

Description

A vulnerability was identified in Tenda AC21 16.03.08.16. The affected element is the function fromAdvSetMacMtuWan of the file /goform/AdvSetMacMtuWan. The manipulation leads to stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit is publicly available and might be used.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Packages2 packages

CVEListV5tenda/ac2116.03.08.16
NVDtenda/ac21_firmware16.03.08.16

🔴Vulnerability Details

2
GHSA
GHSA-h376-wgw6-6272: A vulnerability was identified in Tenda AC21 162026-01-30
CVEList
Tenda AC21 AdvSetMacMtuWan fromAdvSetMacMtuWan stack-based overflow2026-01-29
CVE-2026-1637 — Tenda Ac21 vulnerability | cvebase