CVE-2026-3044

Name of the Vulnerable Software and Affected Versions Tenda AC8 version 16.03.34.06

Description A stack-based buffer overflow exists in the webCgiGetUploadFile function of the Httpd service, specifically within the /cgi-bin/UploadCfg API endpoint. The issue is due to improper handling of the boundary argument, allowing for remote exploitation. The exploit for this issue has been publicly disclosed.

Recommendations Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, consider disabling the webCgiGetUploadFile function until a patch is available.