CVE 8.7 HIGH

Tenda AC8 Embedded Httpd Service fast_setting_wifi_set buffer overflow_CVE-2026-2203

February 8, 2026 invoker category_cve

8.7 / 10

HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P

Description

A flaw has been found in Tenda AC8 16.03.33.05. Affected by this vulnerability is an unknown functionality of the file /goform/fast_setting_wifi_set of the component Embedded Httpd Service. This manipulation of the argument timeZone causes buffer overflow. Remote exploitation of the attack is possible. The exploit has been published and may be used.

AI Analysis

Buffer overflow vulnerability in Tenda AC8 Embedded Httpd Service via manipulation of the timeZone argument in the /goform/fast_setting_wifi_set file

Basic Information

ID CVE-2026-2203

Source VulDB

Published Feb 9, 2026 at 02:02

Affected Product

Vendor Tenda

Product AC8

Version 16.03.33.05

Affected Versions Tenda AC8 16.03.33.05

CWE Classification

CWE-120 CWE-119

AI Assessment

AI Score 8.7 / 10

AI Severity High

Vendor Tenda

Product AC8

Version 16.03.33.05

References

{
    "lastseen": "",
    "description": "A flaw has been found in Tenda AC8 16.03.33.05. Affected by this vulnerability is an unknown functionality of the file /goform/fast_setting_wifi_set of the component Embedded Httpd Service. This manipulation of the argument timeZone causes buffer overflow. Remote exploitation of the attack is possible. The exploit has been published and may be used.",
    "published": "2026-02-09T02:02:10.131Z",
    "modified": "2026-02-09T02:02:10.131Z",
    "type": "cve",
    "title": "Tenda AC8 Embedded Httpd Service fast_setting_wifi_set buffer overflow",
    "source": "VulDB",
    "references": "https://vuldb.com/?id.344906\nhttps://vuldb.com/?ctiid.344906\nhttps://vuldb.com/?submit.750226\nhttps://github.com/SunnyYANGyaya/cuicuishark-sheep-fishIOT/blob/main/Tenda/AC8/fastsettingwifiset-timezome.md\nhttps://github.com/SunnyYANGyaya/cuicuishark-sheep-fishIOT/blob/main/Tenda/AC8/fastsettingwifiset-timezome.md#poc\nhttps://www.tenda.com.cn/",
    "id": "CVE-2026-2203",
    "bulletinFamily": "",
    "cwe": [
        "CWE-120",
        "CWE-119"
    ],
    "cvelist": null,
    "sourceData": "Tenda AC8 16.03.33.05",
    "sourceHref": "",
    "cvss": {
        "score": 8.7,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "AC8",
    "version": "16.03.33.05",
    "vendor": "Tenda",
    "ai_description": "Buffer overflow vulnerability in Tenda AC8 Embedded Httpd Service via manipulation of the timeZone argument in the /goform/fast_setting_wifi_set file",
    "ai_severity": "High",
    "ai_vendor": "Tenda",
    "ai_product": "AC8",
    "ai_version": "16.03.33.05",
    "ai_score": 8.7
}

💭 Join the Security Discussion ❌ Cancel Reply