Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
7.4
Tenda AC8 Router Upload Function Crashes from Malicious File
CVE-2026-3044
Summary
A security issue affects the Tenda AC8 router's upload function, allowing an attacker to cause the router to crash remotely by sending a specially crafted file. This could lead to a denial of service, affecting internet access. Update the router's software to fix the issue.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| tenda | ac8_firmware | 16.03.34.06 | – |
Original title
A vulnerability has been found in Tenda AC8 16.03.34.06. This affects the function webCgiGetUploadFile of the file /cgi-bin/UploadCfg of the component Httpd Service. The manipulation of the argumen...
Original description
A vulnerability has been found in Tenda AC8 16.03.34.06. This affects the function webCgiGetUploadFile of the file /cgi-bin/UploadCfg of the component Httpd Service. The manipulation of the argument boundary leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
nvd CVSS2.0
9.0
nvd CVSS3.1
8.8
nvd CVSS4.0
7.4
Vulnerability type
CWE-119
Buffer Overflow
CWE-121
Stack-based Buffer Overflow
- https://github.com/master-abc/cve/issues/43 Issue Tracking
- https://vuldb.com/?ctiid.347400 Permissions Required VDB Entry
- https://vuldb.com/?id.347400 Third Party Advisory VDB Entry
- https://vuldb.com/?submit.757240 Third Party Advisory VDB Entry
- https://www.tenda.com.cn/ Product
Published: 24 Feb 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026