CVE-2026-2202
Remote Buffer Overflow in Tenda AC8 httpd Component
Publication date: 2026-02-09
Last updated on: 2026-02-10
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| tenda | ac8_firmware | 16.03.33.05 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-119 | The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data. |
| CWE-120 | The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer. |
Attack-Flow Graph
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
Can you explain this vulnerability to me?
[{'type': 'paragraph', 'content': 'CVE-2026-2202 is a buffer overflow vulnerability found in the Tenda AC8 router running firmware version 16.03.33.05. It exists in the WifiGuestSet interface of the embedded httpd service, specifically in the handling of the user-supplied parameter "shareSpeed." The vulnerability occurs because the input for this parameter is not properly validated for length before being copied to an output buffer.'}, {'type': 'paragraph', 'content': 'An attacker can exploit this flaw by sending a specially crafted HTTP request with an excessively long value for the "shareSpeed" parameter, which triggers the buffer overflow.'}, {'type': 'paragraph', 'content': 'This vulnerability can be exploited remotely without requiring local access or physical interaction.'}] [1, 2]
How can this vulnerability impact me? :
Exploitation of this vulnerability can lead to a denial-of-service (DoS) condition on the affected device by causing the buffer overflow.
Additionally, the vulnerability potentially allows attackers to compromise the confidentiality, integrity, and availability of the device.
Since the attack can be launched remotely, it increases the risk of unauthorized access or disruption without physical presence.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
[{'type': 'paragraph', 'content': 'This vulnerability can be detected by monitoring HTTP requests sent to the /goform/WifiGuestSet endpoint on the Tenda AC8 router, specifically looking for unusually long or malformed values in the shareSpeed parameter.'}, {'type': 'paragraph', 'content': 'Since the exploit involves sending a specially crafted HTTP request with an excessively long shareSpeed value, detection can be done by capturing and analyzing network traffic for such suspicious requests.'}, {'type': 'paragraph', 'content': 'Commands to detect this might include using network packet capture tools like tcpdump or Wireshark to filter HTTP POST requests to /goform/WifiGuestSet and inspecting the shareSpeed parameter length.'}, {'type': 'list_item', 'content': "tcpdump -i <interface> -A 'tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)' | grep 'shareSpeed'"}, {'type': 'list_item', 'content': 'Use Wireshark to filter HTTP requests with the display filter: http.request.uri contains "/goform/WifiGuestSet" and inspect the shareSpeed parameter for abnormally long values.'}] [1, 2]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting access to the vulnerable endpoint by limiting network exposure of the Tenda AC8 router, such as disabling remote management or firewalling access to the device.
Since no known mitigations or patches are currently available, it is recommended to replace the affected product with an alternative device that is not vulnerable.
Additionally, monitoring for exploit attempts and applying network-level protections such as intrusion detection/prevention systems (IDS/IPS) to block suspicious HTTP requests targeting the shareSpeed parameter can help reduce risk.