CVE-2021-46264 – A stack buffer overflow vulnerability in Tenda ... (How to Fix)

Q: What is the severity of CVE-2021-46264?

CVE-2021-46264 has a CVSS score of 9.8 (CRITICAL). A stack buffer overflow vulnerability in Tenda AC Series Router AC11 firmware allows attackers to cause Denial of Service (DoS) by sending specially crafted data to the onlineList module. This affects users running vulnerable firmware versions on Tenda AC11 routers. The high CVSS score indicates critical severity with potential for remote exploitation.

📋 TL;DR

A stack buffer overflow vulnerability in Tenda AC Series Router AC11 firmware allows attackers to cause Denial of Service (DoS) by sending specially crafted data to the onlineList module. This affects users running vulnerable firmware versions on Tenda AC11 routers. The high CVSS score indicates critical severity with potential for remote exploitation.

💻 Affected Systems

Products:

Tenda AC11 Router

Versions: AC11_V02.03.01.104_CN

Operating Systems: Embedded Linux firmware

Default Config Vulnerable: ⚠️ Yes

Notes: Specifically affects the Chinese firmware version; other regional versions may also be vulnerable

📦 What is this software?

Ac11 Firmware by Tenda

View all CVEs affecting Ac11 Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete router compromise leading to persistent DoS, potential remote code execution, and network takeover

🟠

Likely Case

Router crash requiring physical reset, temporary network disruption, and service downtime

🟢

If Mitigated

Limited to DoS impact if proper network segmentation and access controls are implemented

🌐 Internet-Facing: HIGH - Routers are typically internet-facing devices directly accessible from WAN

🏢 Internal Only: MEDIUM - Could be exploited from internal network if attacker gains access

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Public GitHub repositories contain proof-of-concept code; buffer overflow exploitation is well-understood

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Later versions than AC11_V02.03.01.104_CN

Vendor Advisory: Not publicly documented by vendor

Restart Required: Yes

Instructions:

1. Log into router admin interface 2. Navigate to firmware update section 3. Download latest firmware from Tenda website 4. Upload and apply update 5. Reboot router

🔧 Temporary Workarounds

Network Segmentation

all

Isolate router management interface from untrusted networks

Access Control Lists

all

Restrict access to router management interface to trusted IPs only

🧯 If You Can't Patch

Replace vulnerable router with updated model or different vendor
Implement network monitoring for DoS attempts and buffer overflow patterns

🔍 How to Verify

Check if Vulnerable:

Check router firmware version in admin interface under System Status or Firmware Update section

Check Version:

Not applicable - check via web interface at 192.168.0.1 or 192.168.1.1

Verify Fix Applied:

Confirm firmware version is newer than AC11_V02.03.01.104_CN after update

📡 Detection & Monitoring

Log Indicators:

Router crash/reboot logs
Unusual traffic to onlineList module
Buffer overflow patterns in network logs

Network Indicators:

Excessive malformed packets to router port 80/443
DoS traffic patterns
Unusual HTTP requests to management interface

SIEM Query:

source="router_logs" AND (event="crash" OR event="reboot") OR http_uri="/onlineList" AND content_length>normal_threshold

📊 Metadata

CVE ID: CVE-2021-46264

CVSS v3 Score: 9.8 (CRITICAL)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-787

Published: February 15, 2022

Last Updated: November 21, 2024

🔗 References

https://github.com/Ainevsia/CVE-Request/tree/main/Tenda/9 Exploit,Third Party Advisory
https://github.com/Ainevsia/CVE-Request/tree/main/Tenda/9 Exploit,Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2021-46264, you might also want to check these: