Nixpkgs Security Tracker

Dismissed

Permalink CVE-2026-2203

8.8 HIGH

CVSS version: 3.1
Attack vector (AV):
Attack complexity (AC):
Privileges required (PR):
User interaction (UI):
Scope (S):
Confidentiality impact (C):
Integrity impact (I):
Availability impact (A):

updated 1 month, 1 week ago by @LeSuisse Activity log

Created automatic suggestion 1 month, 2 weeks ago
@LeSuisse removed package vimPlugins.nvim-treesitter-parsers.strace 1 month, 1 week ago
@LeSuisse dismissed 1 month, 1 week ago

Tenda AC8 Embedded Httpd Service fast_setting_wifi_set buffer overflow

A flaw has been found in Tenda AC8 16.03.33.05. Affected by this vulnerability is an unknown functionality of the file /goform/fast_setting_wifi_set of the component Embedded Httpd Service. This manipulation of the argument timeZone causes buffer overflow. Remote exploitation of the attack is possible. The exploit has been published and may be used.

References

VDB-344906 | Tenda AC8 Embedded Httpd Service fast_setting_wifi_set buffer overflow vdb-entry technical-description
VDB-344906 | CTI Indicators (IOB, IOC, IOA) signature permissions-required
Submit #750226 | Tenda AC8 V16.03.33.05 Denial of Service third-party-advisory
https://github.com/SunnyYANGyaya/cuicuishark-sheep-fishIOT/blob/main/Tenda/AC8/… related
https://github.com/SunnyYANGyaya/cuicuishark-sheep-fishIOT/blob/main/Tenda/AC8/… exploit
https://www.tenda.com.cn/ product

Affected products

AC8

==16.03.33.05

Not present in nixpkgs

Suggestion detail

References

Affected products