CVE-2026-2872
Stack-Based Buffer Overflow in Tenda A21 MAC Filtering Endpoint
Publication date: 2026-02-21
Last updated on: 2026-02-23
Assigner: VulDB
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| tenda | a21_firmware | 1.0.0.0 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-119 | The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data. |
| CWE-121 | A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function). |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-2872 is a critical stack-based buffer overflow vulnerability found in the Tenda A21 router, version 1.0.0.0. It exists in the MAC Filtering Configuration Endpoint, specifically in the function set_device_name within the file /goform/setBlackRule.
The vulnerability arises because the function uses the unsafe sprintf function to write the devName parameter into a fixed-size stack buffer without validating the input length. This allows an attacker to provide an excessively long devName value, causing a buffer overflow that overwrites the stack, including the saved frame pointer and return address.
This overflow can be exploited remotely without local access or physical interaction, potentially allowing the attacker to control the instruction pointer and execute arbitrary code on the device.
How can this vulnerability impact me?
Exploitation of this vulnerability can lead to several severe impacts on the affected device.
- Remote Code Execution (RCE): An attacker can execute arbitrary shellcode or return-oriented programming (ROP) chains, leading to full system compromise with root privileges.
- Denial of Service (DoS): Sending a long payload can crash the router's HTTP daemon process, causing service disruption.
- Compromise of Confidentiality, Integrity, and Availability: The buffer overflow can impact all three security aspects of the device.
[1, 2]
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring network traffic for suspicious HTTP requests targeting the endpoint /goform/setBlackRule on Tenda A21 routers running firmware version 1.0.0.0. Specifically, look for requests that include an excessively long devName parameter, which is used to trigger the stack-based buffer overflow.
A practical detection method is to use network traffic inspection tools or intrusion detection systems (IDS) to flag unusually long or malformed devName parameters in POST requests to /goform/setBlackRule.
For example, using curl or similar tools, you can simulate a test request to check if the device responds abnormally or crashes when given a long devName string.
- Use curl to send a long devName parameter to the vulnerable endpoint: curl -X POST http://<router-ip>/goform/setBlackRule -d "devName=$(python3 -c 'print("A"*10000)')&mac=00:11:22:33:44:55"
- Monitor router logs or HTTP daemon behavior for crashes or restarts after such requests.
- Use network IDS rules to detect unusually long devName parameters in HTTP POST requests to /goform/setBlackRule.
[1, 2]
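The length check described above, written out as an added example (not code from the vendor, VulDB, or this page) that a traffic-inspection hook or log processor could apply to a parsed request. The 64-byte threshold, the function names, and the sample bodies are assumptions; the page does not state the real buffer size.

```c
#include <stdio.h>
#include <string.h>

/* Assumed alert threshold; the page does not give the real buffer size. */
#define DEVNAME_ALERT_LEN 64
#define ENDPOINT "/goform/setBlackRule"

/* Length of the raw (still URL-encoded) value of `key` in a form body,
 * or -1 if absent. The encoded length is an upper bound on the decoded one. */
static long param_len(const char *body, const char *key)
{
    size_t klen = strlen(key);
    const char *p = body;
    while (*p) {
        const char *amp = strchr(p, '&');
        size_t seg = amp ? (size_t)(amp - p) : strlen(p);
        if (seg > klen && strncmp(p, key, klen) == 0 && p[klen] == '=')
            return (long)(seg - klen - 1);
        p += seg;
        if (*p == '&') p++;
    }
    return -1;
}

/* Returns 1 for a POST to the endpoint whose devName exceeds the threshold. */
int is_suspicious(const char *method, const char *path, const char *body)
{
    size_t elen = strlen(ENDPOINT);
    if (strcmp(method, "POST") != 0 || strncmp(path, ENDPOINT, elen) != 0)
        return 0;
    if (path[elen] != '\0' && path[elen] != '?')
        return 0;
    return param_len(body, "devName") > DEVNAME_ALERT_LEN;
}

/* Build a constructed body carrying an n-byte devName and classify it. */
int classify_len(size_t n)
{
    char body[512] = "mac=00:11:22:33:44:55&devName=";
    size_t off = strlen(body);
    if (n > sizeof body - off - 1) n = sizeof body - off - 1;
    memset(body + off, 'A', n);
    return is_suspicious("POST", ENDPOINT, body);
}

int main(void)
{
    printf("6 bytes: %d, 300 bytes: %d\n", classify_len(6), classify_len(300));
}
```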
What immediate steps should I take to mitigate this vulnerability?
Currently, no official mitigations or patches are available for this vulnerability in the affected Tenda A21 firmware version 1.0.0.0.
Immediate mitigation steps include:
- Restrict remote access to the router's management interface to trusted networks or IP addresses to prevent exploitation from external sources.
- Disable or limit the MAC filtering configuration feature if possible, to reduce the attack surface.
- Monitor network traffic for suspicious requests targeting /goform/setBlackRule and block or alert on such activity.
- Consider replacing the affected device with a more secure model or firmware version that does not contain this vulnerability.
Long term, the vulnerability can be fixed by updating the firmware to replace unsafe sprintf calls with safer alternatives like snprintf and adding input validation to limit devName length.
[1, 2]
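The long-term fix described above, sketched as an added example rather than the firmware's actual code: the unchecked sprintf pattern appears only in a comment, beside a version that validates devName length and treats snprintf truncation as an error. The buffer size, the length limit, the format string, and the function names are assumptions.

```c
#include <stdio.h>
#include <string.h>

#define DEVNAME_MAX 32  /* assumed policy limit, not taken from the firmware */
#define RULE_BUF    64  /* assumed size of the fixed stack buffer */

/* Pattern the page describes (illustrative, never called here):
 *     char rule[RULE_BUF];
 *     sprintf(rule, "devName=%s", devName);   // length of devName unchecked
 */

/* Hardened form: reject oversized input, write with a bound, and treat
 * truncation as failure. Returns 0 on success, -1 when rejected. */
int set_device_name_safe(char *out, size_t outsz, const char *devName)
{
    size_t n = 0;
    int written;

    if (out == NULL || outsz == 0 || devName == NULL)
        return -1;
    while (n <= DEVNAME_MAX && devName[n] != '\0')
        n++;                          /* reads at most DEVNAME_MAX + 1 bytes */
    if (n == 0 || n > DEVNAME_MAX)
        return -1;
    written = snprintf(out, outsz, "devName=%s", devName);
    if (written < 0 || (size_t)written >= outsz) {
        out[0] = '\0';                /* do not leave a truncated rule behind */
        return -1;
    }
    return 0;
}

/* Handler-style caller with the fixed-size stack buffer. */
int handle_request(const char *devName)
{
    char rule[RULE_BUF];
    return set_device_name_safe(rule, sizeof rule, devName);
}

int main(void)
{
    char big[10001];                  /* constructed oversized input */
    memset(big, 'A', sizeof big - 1);
    big[sizeof big - 1] = '\0';
    printf("laptop -> %d\n", handle_request("laptop"));
    printf("10000 x 'A' -> %d\n", handle_request(big));
    return 0;
}
```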