CVE-2026-4565Improper Restriction of Operations within the Bounds of a Memory Buffer in Ac21

CWE-119Improper Restriction of Operations within the Bounds of a Memory BufferCWE-120Classic Buffer Overflow3 documents3 sources
Severity
7.4HIGHNVD
EPSS
0.1%
top 77.16%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Tenda Ac21Tenda Ac21 Firmware
Timeline
PublishedMar 23

Description

A vulnerability was detected in Tenda AC21 16.03.08.16. Impacted is the function formSetQosBand of the file /goform/SetNetControlList. Performing a manipulation of the argument list results in buffer overflow. The attack can be initiated remotely. The exploit is now public and may be used.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Packages2 packages

CVEListV5tenda/ac2116.03.08.16
NVDtenda/ac21_firmware16.03.08.16

🔴Vulnerability Details

2
CVEList
Tenda AC21 SetNetControlList formSetQosBand buffer overflow2026-03-23
GHSA
GHSA-mcx9-w62j-hjwr: A vulnerability was detected in Tenda AC21 162026-03-23
CVE-2026-4565 — Tenda Ac21 vulnerability | cvebase