CVE-2026-4254 | Tenda AC8 up to 16.03.50.11 HTTP Endpoint /goform/SysToolChangePwd doSystemCmd local_2c stack-based overflow

Inserito da Angelo Barbosa | Mar 16, 2026 | CVE

A vulnerability was found in Tenda AC8 up to 16.03.50.11. It has been rated as critical. This vulnerability affects the function doSystemCmd of the file /goform/SysToolChangePwd of the component HTTP Endpoint. This manipulation of the argument local_2c causes stack-based buffer overflow.

This vulnerability is handled as CVE-2026-4254. The attack can be initiated remotely. Additionally, an exploit exists.

CVE-2026-4254 | Tenda AC8 up to 16.03.50.11 HTTP Endpoint /goform/SysToolChangePwd doSystemCmd local_2c stack-based overflow

Post correlati

CVE-2024-8784 | QDocs Smart School Management System 7.0.0 Chat /user/chat/mynewuser users[] sql injection

CVE-2025-41375 | TESI Gandia Integra Total prior 4.4.2236.1 consultaincimails.php idestudio sql injection

CVE-2024-43604 | Microsoft Outlook on Android insufficient granularity of access control

CVE-2024-3935 | Eclipse Mosquitto up to 2.0.18 PUBLISH Packet double free (Issue 197)