CVE-2026-2877

8.8 HIGH

📋 TL;DR

A stack-based buffer overflow vulnerability in Tenda A18 routers allows remote attackers to execute arbitrary code by exploiting the strcpy function in the WifiExtraSet component. This affects Tenda A18 routers running firmware version 15.13.07.13. Attackers can compromise the device remotely without authentication.

💻 Affected Systems

Products:
  • Tenda A18
Versions: 15.13.07.13
Operating Systems: Embedded Linux (router firmware)
Default Config Vulnerable: ⚠️ Yes
Notes: Affects the HTTP service component. No special configuration required for exploitation.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Remote code execution leading to full device compromise, persistence, lateral movement to internal networks, and data exfiltration.

🟠 Likely Case: Router compromise allowing network traffic interception, DNS hijacking, credential theft, and botnet recruitment.

🟢 If Mitigated: Limited impact if the device is behind a firewall with restricted WAN access and network segmentation.

🌐 Internet-Facing: HIGH - The vulnerability is remotely exploitable via the HTTP service, making internet-facing devices immediate targets.
🏢 Internal Only: MEDIUM - Internal devices are still vulnerable to attacks from compromised internal hosts or lateral movement.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploit details are publicly disclosed. The vulnerability is in a strcpy function with predictable overflow conditions.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: https://www.tenda.com.cn/

Restart Required: Yes

Instructions:

1. Check the Tenda website for firmware updates.
2. Download the latest firmware.
3. Upload it via the router admin interface.
4. Reboot the router.

🔧 Temporary Workarounds

Disable Remote Management (applies to: all)

Prevent external access to the router admin interface.

Login to router admin > Advanced > System Tools > Remote Management > Disable

Network Segmentation (applies to: all)

Isolate the router management interface on a separate VLAN.

🧯 If You Can't Patch

  • Replace affected router with different model/brand
  • Place router behind firewall with strict inbound rules blocking HTTP/HTTPS from untrusted networks

🔍 How to Verify

Check if Vulnerable:

Check router firmware version in admin interface under System Status or About page

Check Version:

curl -s http://router-ip/goform/getStatus | grep version

Verify Fix Applied:

Verify firmware version is newer than 15.13.07.13 after update

📡 Detection & Monitoring

Log Indicators:

  • Unusual HTTP POST requests to /goform/WifiExtraSet
  • Multiple failed login attempts followed by buffer overflow patterns

Network Indicators:

  • Unusual outbound connections from router
  • DNS queries to suspicious domains
  • Port scanning from router IP

SIEM Query:

source="router_logs" AND (uri="/goform/WifiExtraSet" OR "wpapsk_crypto5g")
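As an added example (not part of this advisory), a small Python filter that applies the log indicator above to constructed access-log lines. The log format, the field name `wpapsk_crypto5g` being a WPA key and the 64-byte threshold are assumptions; only the path and parameter name come from the page.

```python
"""Flag HTTP requests to /goform/WifiExtraSet carrying an oversized
wpapsk_crypto5g value. Log layout and threshold are assumptions for this
example, not Tenda's real log format."""
import re
from urllib.parse import parse_qs

# Constructed sample lines in an assumed "<client> <method> <path> <form-body>" layout
SAMPLE_LOGS = [
    '192.0.2.10 GET /goform/getStatus -',
    '192.0.2.10 POST /goform/WifiExtraSet wpapsk_crypto5g=Summer2024&ssid=home',
    '198.51.100.7 POST /goform/WifiExtraSet wpapsk_crypto5g=' + 'A' * 300 + '&ssid=x',
    '192.0.2.11 POST /goform/SetSysTime time=2024-01-01',
]

# A WPA2 passphrase is 8-63 characters (or a 64-hex-digit raw PSK), so a value
# longer than 64 bytes cannot be a legitimate key and is the clearest
# log-side signal that the strcpy destination is being overrun.
MAX_PSK_LEN = 64
LINE_RE = re.compile(r'^(\S+) (\S+) (\S+) (\S*)$')

def analyze(line):
    """Return None for lines that do not touch WifiExtraSet, else a finding dict."""
    m = LINE_RE.match(line)
    if not m:
        return None
    client, method, path, body = m.groups()
    if path != '/goform/WifiExtraSet':
        return None
    params = parse_qs(body, keep_blank_values=True) if body != '-' else {}
    psk_len = max((len(v) for v in params.get('wpapsk_crypto5g', [])), default=0)
    severity = 'high' if psk_len > MAX_PSK_LEN else 'info'
    return {'client': client, 'method': method, 'psk_len': psk_len, 'severity': severity}

def scan(lines):
    """Run analyze over every line and keep only the findings."""
    return [r for r in (analyze(l) for l in lines) if r]

if __name__ == '__main__':
    for hit in scan(SAMPLE_LOGS):
        print(hit)
```

Any request to the handler is worth recording (severity info); only the oversized value is escalated, which keeps legitimate Wi-Fi reconfiguration from paging anyone.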
