Submit #657126: Tenda AC21 ≤V16.03.08.16 Buffer Overflowinfo

TitleTenda AC21 ≤V16.03.08.16 Buffer Overflow
DescriptionA buffer overflow vulnerability was discovered on the latest version of the Tenda AC21 router, V16.03.08.16, where an attacker sent a well-crafted http post packet to the request path /goform/WifiExtraSet, triggering a denial of service attack or even RCE, specifically via the function strcpy(tkip_aes, tkip_aes_1); because there is no bounds check on tkip_aes, causing a stack overflow
Source⚠️ https://github.com/lin-3-start/lin-cve/blob/main/Tenda%20AC21/Tenda%20AC21%20Buffer%20overflow.md
User
 QMSSDXN (UID 88719)
Submission09/17/2025 10:20 (9 months ago)
Moderation09/22/2025 07:10 (5 days later)
StatusAccepted
VulDB entry325200 [Tenda AC21 16.03.08.16 /goform/WifiExtraSet sub_45BB10 wpapsk_crypto buffer overflow]
Points20

PreviousOverviewNext

Interested in the pricing of exploits?

See the underground prices here!