High severity8.8NVD Advisory· Published Mar 23, 2026· Updated Apr 3, 2026

CVE-2026-4565

Description

A vulnerability was detected in Tenda AC21 16.03.08.16. Impacted is the function formSetQosBand of the file /goform/SetNetControlList. Performing a manipulation of the argument list results in buffer overflow. The attack can be initiated remotely. The exploit is now public and may be used.

Affected products

Tenda/Ac21 Firmware
cpe:2.3:o:tenda:ac21_firmware:16.03.08.16:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/hellonestor/killallbug/issues/14nvdExploitIssue Tracking
github.com/hellonestor/killallbug/releases/tag/pocnvdExploit
vuldb.comnvdThird Party AdvisoryVDB Entry
vuldb.comnvdThird Party AdvisoryVDB Entry
vuldb.comnvdPermissions RequiredVDB Entry
www.tenda.com.cnnvdProduct

News mentions

No linked articles in our index yet.

cvss	0.572
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000