Tenda A21 Firmware vulnerabilities

CVE-2026-2870 [HIGH] CWE-119 CVE-2026-2870: A security flaw has been discovered in Tenda A21 1.0.0.0. Affected by this issue is the function set A security flaw has been discovered in Tenda A21 1.0.0.0. Affected by this issue is the function set_qosMib_list of the file /goform/formSetQosBand. The manipulation of the argument list results in stack-based buffer overflow. The attack can be executed remotely. The exploit has been released to the public and may be used for attacks.

CVE-2026-2874 [HIGH] CWE-119 CVE-2026-2874: A flaw has been found in Tenda A21 1.0.0.0. Impacted is the function form_fast_setting_wifi_set of t A flaw has been found in Tenda A21 1.0.0.0. Impacted is the function form_fast_setting_wifi_set of the file /goform/fast_setting_wifi_set. Executing a manipulation of the argument ssid can lead to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been published and may be used.

CVE-2026-2872 [HIGH] CWE-119 CVE-2026-2872: A security vulnerability has been detected in Tenda A21 1.0.0.0. This vulnerability affects the func A security vulnerability has been detected in Tenda A21 1.0.0.0. This vulnerability affects the function set_device_name of the file /goform/setBlackRule of the component MAC Filtering Configuration Endpoint. Such manipulation of the argument devName/mac leads to stack-based buffer overflow. The attack may be performed from remote. The exploit has been

CVE-2026-2873 [HIGH] CWE-119 CVE-2026-2873: A vulnerability was detected in Tenda A21 1.0.0.0. This issue affects the function setSchedWifi of t A vulnerability was detected in Tenda A21 1.0.0.0. This issue affects the function setSchedWifi of the file /goform/openSchedWifi. Performing a manipulation of the argument schedStartTime/schedEndTime results in stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit is now public and may be used.

CVE-2026-2886 [HIGH] CWE-119 CVE-2026-2886: A weakness has been identified in Tenda A21 1.0.0.0. This affects the function set_device_name of th A weakness has been identified in Tenda A21 1.0.0.0. This affects the function set_device_name of the file /goform/SetOnlineDevName. This manipulation of the argument devName causes stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be used for attacks.

CVE-2026-2871 [HIGH] CWE-119 CVE-2026-2871: A weakness has been identified in Tenda A21 1.0.0.0. This affects the function fromSetIpMacBind of t A weakness has been identified in Tenda A21 1.0.0.0. This affects the function fromSetIpMacBind of the file /goform/SetIpMacBind. This manipulation of the argument list causes stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit has been made available to the public and could be used for attacks.