Nixpkgs Security Tracker

Dismissed

Permalink CVE-2026-2202

8.8 HIGH

CVSS version: 3.1
Attack vector (AV):
Attack complexity (AC):
Privileges required (PR):
User interaction (UI):
Scope (S):
Confidentiality impact (C):
Integrity impact (I):
Availability impact (A):

updated 1 month, 1 week ago by @LeSuisse Activity log

Created automatic suggestion 1 month, 2 weeks ago
@LeSuisse removed package vimPlugins.nvim-treesitter-parsers.strace 1 month, 1 week ago
@LeSuisse dismissed 1 month, 1 week ago

Tenda AC8 httpd WifiGuestSet fromSetWifiGusetBasic buffer overflow

A vulnerability was detected in Tenda AC8 16.03.33.05. Affected is the function fromSetWifiGusetBasic of the file /goform/WifiGuestSet of the component httpd. The manipulation of the argument shareSpeed results in buffer overflow. The attack may be launched remotely. The exploit is now public and may be used.

References

https://www.tenda.com.cn/ product
VDB-344905 | Tenda AC8 httpd WifiGuestSet fromSetWifiGusetBasic buffer overflow vdb-entry technical-description
VDB-344905 | CTI Indicators (IOB, IOC, IOA) signature permissions-required
Submit #750225 | Tenda AC8 V16.03.33.05 Denial of Service third-party-advisory
https://github.com/SunnyYANGyaya/cuicuishark-sheep-fishIOT/blob/main/Tenda/AC8/… related
https://github.com/SunnyYANGyaya/cuicuishark-sheep-fishIOT/blob/main/Tenda/AC8/… exploit

Affected products

AC8

==16.03.33.05

Not present in nixpkgs

Suggestion detail

References

Affected products