Nixpkgs security tracker

Untriaged

Permalink CVE-2026-2202

8.8 HIGH

CVSS version: 3.1
Attack vector (AV):
Attack complexity (AC):
Privileges required (PR):
User interaction (UI):
Scope (S):
Confidentiality impact (C):
Integrity impact (I):
Availability impact (A):

created 2 months, 1 week ago Activity log

Created suggestion 2 months, 1 week ago

Tenda AC8 httpd WifiGuestSet fromSetWifiGusetBasic buffer overflow

A vulnerability was detected in Tenda AC8 16.03.33.05. Affected is the function fromSetWifiGusetBasic of the file /goform/WifiGuestSet of the component httpd. The manipulation of the argument shareSpeed results in buffer overflow. The attack may be launched remotely. The exploit is now public and may be used.

References

VDB-344905 | Tenda AC8 httpd WifiGuestSet fromSetWifiGusetBasic buffer overflow vdb-entrytechnical-description
VDB-344905 | CTI Indicators (IOB, IOC, IOA) signaturepermissions-required
Submit #750225 | Tenda AC8 V16.03.33.05 Denial of Service third-party-advisory
https://github.com/SunnyYANGyaya/cuicuishark-sheep-fishIOT/blob/main/Tenda/AC8/… related
https://github.com/SunnyYANGyaya/cuicuishark-sheep-fishIOT/blob/main/Tenda/AC8/… exploit
https://www.tenda.com.cn/ product

Affected products

AC8

==16.03.33.05

Matching in nixpkgs

pkgs.vimPlugins.nvim-treesitter-parsers.strace

Tree-sitter grammar for strace

nixos-unstable -
- nixpkgs-unstable 0.0.0+rev=ac874dd
- nixos-unstable-small 0.0.0+rev=ac874dd

Suggestion detail

References

Affected products

Matching in nixpkgs

pkgs.vimPlugins.nvim-treesitter-parsers.strace