CVE-2021-46262

9.8 CRITICAL

📋 TL;DR

A stack buffer overflow vulnerability in the PPPoE module of Tenda AC Series Router AC11 firmware allows attackers to cause Denial of Service (DoS) by sending crafted overflow data. This affects users running the vulnerable firmware version on Tenda AC11 routers. The high CVSS score indicates critical severity with potential for remote exploitation.

💻 Affected Systems

Products:
  • Tenda AC Series Router AC11
Versions: AC11_V02.03.01.104_CN
Operating Systems: Embedded router firmware
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects a specific firmware version for the Chinese market variant. PPPoE must be enabled/configured for exploitation.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete router crash requiring physical reset, potential remote code execution leading to full device compromise, and persistent network disruption.

🟠 Likely Case

Router becomes unresponsive requiring reboot, disrupting all network connectivity for connected devices until manually restarted.

🟢 If Mitigated

Limited to temporary service interruption if proper network segmentation and monitoring are in place.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Public GitHub repositories contain proof-of-concept code. Exploitation requires network access to the router's PPPoE service.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Later firmware versions (check Tenda website for latest)

Vendor Advisory: https://www.tendacn.com/en/

Restart Required: Yes

Instructions:

1. Log into router admin interface.
2. Navigate to System Tools > Firmware Upgrade.
3. Download latest firmware from Tenda website.
4. Upload and install new firmware.
5. Reboot router after installation.

🔧 Temporary Workarounds

Disable PPPoE

If PPPoE is not required, disable it to remove the attack surface.

Network Segmentation

Isolate the router management interface from untrusted networks.

🧯 If You Can't Patch

  • Replace router with updated model or different vendor
  • Implement strict network ACLs to limit access to router management interfaces

🔍 How to Verify

Check if Vulnerable:

Check router firmware version in admin interface under System Status or Firmware Information

Check Version:

Login to router web interface and check System Status page

Verify Fix Applied:

Confirm firmware version is updated beyond AC11_V02.03.01.104_CN

📡 Detection & Monitoring

Log Indicators:

  • Router crash/reboot logs
  • PPPoE service failure messages
  • Unusual PPPoE connection attempts

Network Indicators:

  • Sudden loss of router connectivity
  • Abnormal PPPoE packet patterns
  • Router becoming unresponsive to pings

SIEM Query:

source="router_logs" AND ("crash" OR "reboot" OR "PPPoE error")
