Login Sign Up

CVE-2026-1638

6.3 MEDIUM
Remote Code Execution

📋 TL;DR

This CVE describes a remote command injection vulnerability in Tenda AC21 routers. Attackers can execute arbitrary commands on affected devices by manipulating the dmzIp parameter in the mDMZSetCfg function. All users of vulnerable Tenda AC21 routers with internet-facing administration interfaces are at risk.

💻 Affected Systems

Products:
  • Tenda AC21
Versions: Firmware version 16.03.08.16
Operating Systems: Embedded router firmware
Default Config Vulnerable: ⚠️ Yes
Notes: Devices with web administration interface exposed to network are vulnerable. The specific vulnerable file is /goform/mDMZSetCfg.

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).

🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.

Recommended Actions:
  1. Review the CVE details at NVD
  2. Check vendor security advisories for your specific version
  3. Test if the vulnerability is exploitable in your environment
  4. Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete device compromise allowing attackers to install persistent backdoors, intercept network traffic, pivot to internal networks, or use the device for botnet activities.

🟠

Likely Case

Remote code execution leading to device takeover, credential theft, DNS hijacking, or participation in DDoS attacks.

🟢

If Mitigated

Limited impact if device is behind firewall with restricted WAN access and strong authentication.

🌐 Internet-Facing: HIGH - The vulnerability is remotely exploitable and public exploits exist.
🏢 Internal Only: MEDIUM - Attackers with internal network access could exploit this vulnerability.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: CONFIRMED
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Public exploit code is available on GitHub. The vulnerability requires no authentication and has simple exploitation vectors.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: https://www.tenda.com.cn/

Restart Required: No

Instructions:

1. Check Tenda website for firmware updates. 2. Download latest firmware. 3. Log into router admin interface. 4. Navigate to firmware upgrade section. 5. Upload and apply new firmware.

🔧 Temporary Workarounds

Disable WAN Administration

all

Prevent remote access to router administration interface from internet

Network Segmentation

all

Place router in isolated network segment with restricted access

🧯 If You Can't Patch

  • Disable DMZ functionality completely in router settings
  • Implement strict firewall rules to block all WAN access to router administration ports

🔍 How to Verify

Check if Vulnerable:

Check router firmware version in admin interface. If version is 16.03.08.16, device is vulnerable.

Check Version:

Login to router admin interface and check System Status or Firmware Version page

Verify Fix Applied:

After firmware update, verify version has changed from 16.03.08.16 and test if /goform/mDMZSetCfg endpoint still accepts malicious input.

📡 Detection & Monitoring

Log Indicators:

  • Unusual POST requests to /goform/mDMZSetCfg
  • Suspicious command execution in router logs
  • Multiple failed authentication attempts

Network Indicators:

  • Unusual outbound connections from router
  • Traffic to known malicious IPs
  • Port scanning originating from router

SIEM Query:

source="router_logs" AND (uri="/goform/mDMZSetCfg" OR command="*;*" OR command="*|*")

📊 Metadata

CVE ID: CVE-2026-1638
CVSS v3 Score: 6.3 (MEDIUM)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
CWE: CWE-74
EPSS Score: 0.83% exploit probability (74.1th percentile)
Published: January 30, 2026
Last Updated: February 4, 2026

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2026-1638, you might also want to check these:

CVE-2026-25520 10.0

SandboxJS versions before 0.8.29 have a critical sandbox escape vulnerability that allows attackers ...

Same vulnerability type (CWE-74)
CVE-2026-25586 10.0

This CVE describes a sandbox escape vulnerability in SandboxJS library versions before 0.8.29. Attac...

Same vulnerability type (CWE-74)
CVE-2025-20281 10.0

An unauthenticated remote code execution vulnerability in Cisco ISE and ISE-PIC API allows attackers...

Same vulnerability type (CWE-74)