A vulnerability classified as critical was found in Tenda AC21 up to 16.03.08.16. Affected by this vulnerability is the function
sscanf
of the file /goform/SetStaticRouteCfg. The manipulation of the argument list results in buffer overflow.
This vulnerability is reported as CVE-2025-11091. The attack can be launched remotely. Moreover, an exploit is present.