Tenda AC21 Buffer Overflow Vulnerability in SetNetControlList Function

Vulnerability

A buffer overflow vulnerability has been identified in the Tenda AC21 router running version 16.03.08.16. The issue arises in the SetNetControlList file, specifically within the formSetQosBand function. The vulnerability can be exploited remotely by manipulating the 'list' argument, which leads to a buffer overflow. The flaw is critical because it could allow remote code execution.

Impact

Exploitation of this vulnerability causes a buffer overflow, which can lead to arbitrary code execution or cause the device to crash.

Reproduction

The vulnerability can be reproduced by sending a crafted request to the /goform/SetNetControlList endpoint, manipulating the 'list' argument to trigger the buffer overflow.
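
For detection at a proxy or network sensor placed in front of the device, the following added example (not part of the original advisory or any vendor code) flags requests to /goform/SetNetControlList whose 'list' value is unusually long. The 512-character threshold, the function name check_request, and the sample requests are assumptions made for illustration; the advisory does not state the size of the affected buffer.

```python
from urllib.parse import urlsplit, parse_qs

TARGET_PATH = "/goform/SetNetControlList"  # endpoint named in the advisory
PARAM = "list"                             # argument named in the advisory
MAX_LIST_LEN = 512  # ASSUMPTION: alerting threshold, not the real buffer size


def check_request(raw: bytes, max_len: int = MAX_LIST_LEN):
    """Return a finding dict when a raw HTTP request carries an oversized
    `list` value for the SetNetControlList endpoint, otherwise None."""
    head, _, body = raw.partition(b"\r\n\r\n")
    request_line = head.split(b"\r\n", 1)[0].decode("latin-1")
    parts = request_line.split(" ")
    if len(parts) < 2:
        return None  # not a parseable request line
    method, target = parts[0], parts[1]
    url = urlsplit(target)
    if url.path.rstrip("/") != TARGET_PATH:
        return None
    # The parameter may arrive in the query string or in the form body.
    # parse_qs percent-decodes, so the length is measured after decoding.
    values = parse_qs(url.query, keep_blank_values=True).get(PARAM, [])
    values += parse_qs(body.decode("latin-1"),
                       keep_blank_values=True).get(PARAM, [])
    longest = max((len(v) for v in values), default=0)
    if longest <= max_len:
        return None
    return {"method": method, "path": url.path, "list_len": longest}


# Constructed sample requests (not captured traffic; values are placeholders).
BENIGN = (b"POST /goform/SetNetControlList HTTP/1.1\r\nHost: 192.0.2.1\r\n"
          b"Content-Type: application/x-www-form-urlencoded\r\n\r\n"
          b"list=placeholder-entry")
OVERSIZED = (b"POST /goform/SetNetControlList HTTP/1.1\r\n"
             b"Host: 192.0.2.1\r\n\r\nlist=" + b"x" * 2000)
OTHER = b"GET /index.html HTTP/1.1\r\nHost: 192.0.2.1\r\n\r\n"

if __name__ == "__main__":
    for name, req in (("benign", BENIGN), ("oversized", OVERSIZED),
                      ("other", OTHER)):
        print(name, check_request(req))
```

Tune the threshold against the longest 'list' value seen in legitimate administration traffic before alerting on it.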

Added: Mar 23, 2026, 1:19 AM
Updated: Mar 23, 2026, 1:19 AM

Vulnerability Rating

Custom Algorithm
spread: 4.5
impact: 2.5
exploitability: 9.1
remediation: 0.0
relevance: 4.6
threat: 6.4
urgency: 2.9
incentive: 8.3

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.