CVE-2026-2930

Name of the Vulnerable Software and Affected Versions Tenda A18 version 15.13.07.13

Description A flaw exists in the Tenda A18 device that could allow for remote code execution. The issue is located within the Httpd Service, specifically in the webCgiGetUploadFile() function found in the /cgi-bin/UploadCfg file. Manipulation of a boundary condition within this function can lead to a stack-based buffer overflow. The exploit for this issue is publicly available.

Recommendations Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting access to the /cgi-bin/UploadCfg file.