CVE 8.7 HIGH

Tenda AC8 httpd WifiGuestSet fromSetWifiGusetBasic buffer overflow_CVE-2026-2202

February 8, 2026 invoker category_cve

8.7 / 10

HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P

Description

A vulnerability was detected in Tenda AC8 16.03.33.05. Affected is the function fromSetWifiGusetBasic of the file /goform/WifiGuestSet of the component httpd. The manipulation of the argument shareSpeed results in buffer overflow. The attack may be launched remotely. The exploit is now public and may be used.

AI Analysis

Buffer overflow vulnerability in Tenda AC8's httpd component, allowing remote attackers to exploit the fromSetWifiGusetBasic function

Basic Information

ID CVE-2026-2202

Source VulDB

Published Feb 9, 2026 at 01:32

Affected Product

Vendor Tenda

Product AC8

Version 16.03.33.05

Affected Versions Tenda AC8 16.03.33.05

CWE Classification

CWE-120 CWE-119

AI Assessment

AI Score 8.7 / 10

AI Severity High

Vendor Tenda

Product AC8

Version 16.03.33.05

References

{
    "lastseen": "",
    "description": "A vulnerability was detected in Tenda AC8 16.03.33.05. Affected is the function fromSetWifiGusetBasic of the file /goform/WifiGuestSet of the component httpd. The manipulation of the argument shareSpeed results in buffer overflow. The attack may be launched remotely. The exploit is now public and may be used.",
    "published": "2026-02-09T01:32:09.560Z",
    "modified": "2026-02-09T01:32:09.560Z",
    "type": "cve",
    "title": "Tenda AC8 httpd WifiGuestSet fromSetWifiGusetBasic buffer overflow",
    "source": "VulDB",
    "references": "https://vuldb.com/?id.344905\nhttps://vuldb.com/?ctiid.344905\nhttps://vuldb.com/?submit.750225\nhttps://github.com/SunnyYANGyaya/cuicuishark-sheep-fishIOT/blob/main/Tenda/AC8/WifiGuestSet-sharespeed-bufferoverflow.md\nhttps://github.com/SunnyYANGyaya/cuicuishark-sheep-fishIOT/blob/main/Tenda/AC8/WifiGuestSet-sharespeed-bufferoverflow.md#poc\nhttps://www.tenda.com.cn/",
    "id": "CVE-2026-2202",
    "bulletinFamily": "",
    "cwe": [
        "CWE-120",
        "CWE-119"
    ],
    "cvelist": null,
    "sourceData": "Tenda AC8 16.03.33.05",
    "sourceHref": "",
    "cvss": {
        "score": 8.7,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "AC8",
    "version": "16.03.33.05",
    "vendor": "Tenda",
    "ai_description": "Buffer overflow vulnerability in Tenda AC8's httpd component, allowing remote attackers to exploit the fromSetWifiGusetBasic function",
    "ai_severity": "High",
    "ai_vendor": "Tenda",
    "ai_product": "AC8",
    "ai_version": "16.03.33.05",
    "ai_score": 8.7
}

💭 Join the Security Discussion ❌ Cancel Reply