CVE-2026-2873

HighPublic PoC

Published: 21 February 2026

Published

21 February 2026

Modified

23 February 2026

KEV Added

—

Patch

—

CVSS Score 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Score 0.0011 29.3th percentile

Risk Priority 18 60% EPSS · 20% KEV · 20% CVSS

Description

A vulnerability was detected in Tenda A21 1.0.0.0. This issue affects the function setSchedWifi of the file /goform/openSchedWifi. Performing a manipulation of the argument schedStartTime/schedEndTime results in stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit…

is now public and may be used.

Mitigating Controls (NIST 800-53 r5)AI

SI-10 Information Input Validation good match

prevent

Requires validation of inputs such as schedStartTime and schedEndTime to prevent stack-based buffer overflows in the setSchedWifi function.

SI-16 Memory Protection good match

prevent

Implements memory protection mechanisms like stack canaries and non-executable stacks to mitigate exploitation of the stack-based buffer overflow.

SI-2 Flaw Remediation good match

prevent

Mandates timely remediation of the identified buffer overflow flaw in Tenda A21 firmware via patching or updates.

Security SummaryAI

CVE-2026-2873 is a stack-based buffer overflow vulnerability in Tenda A21 version 1.0.0.0, affecting the setSchedWifi function within the /goform/openSchedWifi endpoint. The issue arises from improper handling of the schedStartTime and schedEndTime arguments, allowing overflow conditions during manipulation. This flaw, linked to CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer) and CWE-121 (Stack-based Buffer Overflow), carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high severity due to its potential for significant impact.

A remote attacker with low privileges, such as an authenticated user, can exploit this vulnerability over the network with low complexity and no user interaction required. Successful exploitation triggers the buffer overflow, potentially enabling arbitrary code execution, data corruption, or denial of service, with high impacts on confidentiality, integrity, and availability.

Advisories and details are available via VulDB entries (ctiid.347110, id.347110, submit.754635) and a GitHub issue at QIU-DIE/cve-nneeww/issues/4, alongside the vendor site at tenda.com.cn. The exploit is publicly available, increasing the risk of widespread use.

Details

CWE(s): CWE-119 CWE-121

Affected Products

tenda

a21 firmware

1.0.0.0

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation

Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.

attack.mitre.org →

T1210 Exploitation of Remote Services Lateral Movement

Adversaries may exploit remote services to gain unauthorized access to internal systems once inside of a network.

attack.mitre.org →

Why these techniques?

Stack-based buffer overflow in web endpoint allows remote low-privileged authenticated attacker to achieve arbitrary code execution, directly facilitating exploitation of remote services (T1210) and exploitation for privilege escalation (T1068).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

References

https://github.com/QIU-DIE/cve-nneeww/issues/4
Exploit, Issue Tracking, Mitigation, Third Party Advisory · cna@vuldb.com
https://vuldb.com/?ctiid.347110
Permissions Required, VDB Entry · cna@vuldb.com
https://vuldb.com/?id.347110
Third Party Advisory, VDB Entry · cna@vuldb.com
https://vuldb.com/?submit.754635
Third Party Advisory, VDB Entry · cna@vuldb.com
https://www.tenda.com.cn/
Product · cna@vuldb.com