Cyber Posture

CVE-2026-2876

High

Published: 21 February 2026

Modified: 23 February 2026
KEV Added
Patch
CVSS Score: 8.8 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0010 (27.4th percentile)
Risk Priority: 18 (60% EPSS · 20% KEV · 20% CVSS)

Description

A vulnerability was determined in Tenda A18 15.13.07.13. This affects the function parse_macfilter_rule of the file /goform/setBlackRule. This manipulation of the argument deviceList causes stack-based buffer overflow. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized.

Mitigating Controls (NIST 800-53 r5) [AI]

prevent

Validates the deviceList argument in parse_macfilter_rule to prevent stack-based buffer overflow from malformed or oversized inputs.

prevent

Implements memory protections like stack canaries and non-executable stacks to mitigate exploitation of the buffer overflow vulnerability.

prevent, recover

Remediates the specific stack-based buffer overflow flaw in /goform/setBlackRule through timely patching and flaw correction processes.

Security Summary [AI]

CVE-2026-2876 is a stack-based buffer overflow vulnerability affecting the Tenda A18 router on firmware version 15.13.07.13, published on 2026-02-21. The flaw exists in the parse_macfilter_rule function of the /goform/setBlackRule file, where manipulation of the deviceList argument triggers the overflow. It is associated with CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer) and CWE-121 (Stack-based Buffer Overflow), earning a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).

The vulnerability is remotely exploitable over the network with low attack complexity, requiring low privileges such as basic authentication but no user interaction. An attacker could send a crafted request to the affected endpoint, causing the buffer overflow and potentially achieving high impacts including unauthorized access to sensitive data, modification of system integrity, or denial of service through crashes or code execution.

Advisories on VulDB (ctiid.347114, id.347114, submit.754675) and a GitHub issue (master-abc/cve/issues/38) document the vulnerability details, noting that the exploit has been publicly disclosed and may be utilized. The Tenda manufacturer's website (tenda.com.cn) is referenced for potential further information.

Details

CWE(s)

Affected Products

tenda · a18 firmware · 15.13.07.13

MITRE ATT&CK Enterprise Techniques [AI]

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

T1210 Exploitation of Remote Services (Lateral Movement)
Adversaries may exploit remote services to gain unauthorized access to internal systems once inside of a network.

Why these techniques?

A stack-based buffer overflow in the router's web management interface (/goform/setBlackRule) allows remote exploitation over the network (AV:N/PR:L) for code execution, directly mapping to T1190 (Exploit Public-Facing Application) and T1210 (Exploitation of Remote Services).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0
