CVE-2026-4565

HIGH NVD

CVSS Score 8.8

Severity HIGH

Published Mar 23, 2026

Vendor unknown

Description

A vulnerability was detected in Tenda AC21 16.03.08.16. Impacted is the function formSetQosBand of the file /goform/SetNetControlList. Performing a manipulation of the argument list results in buffer overflow. The attack can be initiated remotely. The exploit is now public and may be used.

References

https://github.com/hellonestor/killallbug/issues/14
https://github.com/hellonestor/killallbug/releases/tag/poc
https://vuldb.com/?ctiid.352402
https://vuldb.com/?id.352402
https://vuldb.com/?submit.775119