Nixpkgs security tracker

Untriaged

Permalink CVE-2026-2203

8.8 HIGH

CVSS version: 3.1
Attack vector (AV):
Attack complexity (AC):
Privileges required (PR):
User interaction (UI):
Scope (S):
Confidentiality impact (C):
Integrity impact (I):
Availability impact (A):

created 2 months, 1 week ago Activity log

Created suggestion 2 months, 1 week ago

Tenda AC8 Embedded Httpd Service fast_setting_wifi_set buffer overflow

A flaw has been found in Tenda AC8 16.03.33.05. Affected by this vulnerability is an unknown functionality of the file /goform/fast_setting_wifi_set of the component Embedded Httpd Service. This manipulation of the argument timeZone causes buffer overflow. Remote exploitation of the attack is possible. The exploit has been published and may be used.

References

VDB-344906 | Tenda AC8 Embedded Httpd Service fast_setting_wifi_set buffer overflow vdb-entrytechnical-description
VDB-344906 | CTI Indicators (IOB, IOC, IOA) signaturepermissions-required
Submit #750226 | Tenda AC8 V16.03.33.05 Denial of Service third-party-advisory
https://github.com/SunnyYANGyaya/cuicuishark-sheep-fishIOT/blob/main/Tenda/AC8/… related
https://github.com/SunnyYANGyaya/cuicuishark-sheep-fishIOT/blob/main/Tenda/AC8/… exploit
https://www.tenda.com.cn/ product

Affected products

AC8

==16.03.33.05

Matching in nixpkgs

pkgs.vimPlugins.nvim-treesitter-parsers.strace

Tree-sitter grammar for strace

nixos-unstable -
- nixpkgs-unstable 0.0.0+rev=ac874dd
- nixos-unstable-small 0.0.0+rev=ac874dd

Suggestion detail

References

Affected products

Matching in nixpkgs

pkgs.vimPlugins.nvim-treesitter-parsers.strace