CVE-2026-4493

HIGH

Tenda A18 Pro MAC Filtering Configuration Endpoint setMacFilterCfg sub_423B50 stack-based overflow

Title source: cna
STIX 2.1

Description

A vulnerability was determined in Tenda A18 Pro 02.03.02.28. The impacted element is the function sub_423B50 of the file /goform/setMacFilterCfg of the component MAC Filtering Configuration Endpoint. Executing a manipulation of the argument deviceList can lead to stack-based buffer overflow. The attack may be performed from remote. The exploit has been publicly disclosed and may be utilized.

References (5)

Scores

CVSS v3 8.8
EPSS 0.0006
EPSS Percentile 17.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact total

Details

CWE
CWE-119 CWE-121
Status published
Products (1)
Tenda/A18 Pro 02.03.02.28
Published Mar 20, 2026
Tracked Since Mar 20, 2026