Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
7.4
Tenda A21 Router Allows Remote Attackers to Crash Device
CVE-2026-2886
Summary
A vulnerability in the Tenda A21 router's set_device_name function allows a remote attacker to crash the device. This could happen if a malicious user sends a specially crafted input to the device. To protect yourself, update your Tenda A21 to the latest firmware version.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| tenda | a21_firmware | 1.0.0.0 | – |
Original title
A weakness has been identified in Tenda A21 1.0.0.0. This affects the function set_device_name of the file /goform/SetOnlineDevName. This manipulation of the argument devName causes stack-based buf...
Original description
A weakness has been identified in Tenda A21 1.0.0.0. This affects the function set_device_name of the file /goform/SetOnlineDevName. This manipulation of the argument devName causes stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be used for attacks.
nvd CVSS2.0
9.0
nvd CVSS3.1
8.8
nvd CVSS4.0
7.4
Vulnerability type
CWE-119
Buffer Overflow
CWE-121
Stack-based Buffer Overflow
- https://github.com/QIU-DIE/cve-nneeww/issues/6 Exploit Issue Tracking Mitigation Third Party Advisory
- https://vuldb.com/?ctiid.347180 Permissions Required VDB Entry
- https://vuldb.com/?id.347180 Third Party Advisory VDB Entry
- https://vuldb.com/?submit.754640 Third Party Advisory VDB Entry
- https://www.tenda.com.cn/ Product
Published: 21 Feb 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026