CVE-2026-2202
📋 TL;DR
A buffer overflow vulnerability in Tenda AC8 routers allows remote attackers to execute arbitrary code by manipulating the shareSpeed parameter in the WiFi guest network configuration. This affects Tenda AC8 routers running firmware version 16.03.33.05. The vulnerability is remotely exploitable without authentication.
💻 Affected Systems
- Tenda AC8
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Remote code execution leading to complete router compromise, credential theft, network traffic interception, and lateral movement into connected devices.
Likely Case
Router compromise leading to denial of service, configuration changes, or installation of persistent malware for network monitoring.
If Mitigated
Limited impact if router is behind firewall with restricted WAN access, though internal network attacks remain possible.
🎯 Exploit Status
Public proof-of-concept demonstrates exploitation. The vulnerability requires sending a crafted HTTP request to the router's web interface.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Unknown
Vendor Advisory: Not available
Restart Required: No
Instructions:
Check Tenda's official website or support portal for firmware updates. If available, download and install the latest firmware through the router's web interface.
🔧 Temporary Workarounds
Disable WiFi Guest Network
allDisable the guest WiFi network feature to prevent access to the vulnerable function.
Access router web interface > WiFi Settings > Guest Network > Disable
Restrict Web Interface Access
linuxConfigure firewall rules to restrict access to the router's web management interface.
iptables -A INPUT -p tcp --dport 80 -s trusted_network -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -j DROP
🧯 If You Can't Patch
- Replace affected router with a different model or from a different vendor.
- Place router behind a dedicated firewall that blocks all inbound traffic to the router's management interface.
🔍 How to Verify
Check if Vulnerable:
Check router firmware version in web interface: Login > System Status > Firmware Version. If version is 16.03.33.05, device is vulnerable.Check Version:
curl -s http://router-ip/goform/getStatus | grep versionVerify Fix Applied:
After firmware update, verify version is no longer 16.03.33.05. Test by attempting to access the guest WiFi configuration page.📡 Detection & Monitoring
Log Indicators:
- Unusual HTTP POST requests to /goform/WifiGuestSet with long shareSpeed parameters
- Router crash or reboot logs
Network Indicators:
- HTTP traffic to router IP on port 80 with abnormal request sizes to WifiGuestSet endpoint
- Sudden changes in router configuration
SIEM Query:
source="router_logs" AND url="/goform/WifiGuestSet" AND (param="shareSpeed" AND length(value)>100)🔗 References
- https://github.com/SunnyYANGyaya/cuicuishark-sheep-fishIOT/blob/main/Tenda/AC8/WifiGuestSet-sharespeed-bufferoverflow.md
- https://github.com/SunnyYANGyaya/cuicuishark-sheep-fishIOT/blob/main/Tenda/AC8/WifiGuestSet-sharespeed-bufferoverflow.md#poc
- https://vuldb.com/?ctiid.344905
- https://vuldb.com/?id.344905
- https://vuldb.com/?submit.750225
- https://www.tenda.com.cn/
