Nixpkgs security tracker

Login with GitHub

⚠️ You are using a production deployment that is still only suitable for demo purposes. Any work done in this might be wiped later without notice.

Suggestion detail

Untriaged

Permalink CVE-2026-2870

8.8 HIGH

CVSS version: 3.1
Attack vector (AV):
Attack complexity (AC):
Privileges required (PR):
User interaction (UI):
Scope (S):
Confidentiality impact (C):
Integrity impact (I):
Availability impact (A):

created 1 month, 3 weeks ago

Tenda A21 formSetQosBand set_qosMib_list stack-based overflow

A security flaw has been discovered in Tenda A21 1.0.0.0. Affected by this issue is the function set_qosMib_list of the file /goform/formSetQosBand. The manipulation of the argument list results in stack-based buffer overflow. The attack can be executed remotely. The exploit has been released to the public and may be used for attacks.

References

VDB-347107 | Tenda A21 formSetQosBand set_qosMib_list stack-based overflow vdb-entrytechnical-description
VDB-347107 | CTI Indicators (IOB, IOC, IOA) signaturepermissions-required
Submit #754627 | Tenda A21 V1.0.0.1 Stack-based Buffer Overflow third-party-advisory
https://github.com/QIU-DIE/cve-nneeww/issues/1 exploitissue-tracking
https://www.tenda.com.cn/ product

Affected products

A21

==1.0.0.0

Matching in nixpkgs

pkgs.winbox4

Graphical configuration utility for RouterOS-based devices

pkgs.jitsi-videobridge

WebRTC compatible video router

nixos-unstable videobridge2-2.3-249-g9a2123ad4
- nixpkgs-unstable videobridge2-2.3-249-g9a2123ad4
- nixos-unstable-small videobridge2-2.3-249-g9a2123ad4
nixos-25.11 videobridge2-2.3-249-g9a2123ad4
- nixos-25.11-small videobridge2-2.3-249-g9a2123ad4
- nixpkgs-25.11-darwin videobridge2-2.3-249-g9a2123ad4

pkgs.rocmPackages.hiprt

Ray tracing library for HIP

nixos-25.11 2.5.a21e075.3
- nixos-25.11-small 2.5.a21e075.3
- nixpkgs-25.11-darwin 2.5.a21e075.3

pkgs.tests.testers.runCommand.bork

None

nixos-unstable 4a214gc26j22
- nixpkgs-unstable 4a214gc26j22
- nixos-unstable-small 4a214gc26j22

Package maintainers

@savalet Savinien Petitjean <me@savalet.dev>
@Scrumplex Sefa Eyeoglu <contact@scrumplex.net>
@yrd Yannik Rödel <nix@yannik.info>
@Lassulus Lassulus <lassulus@gmail.com>
@yayayayaka Yaya <github@uwu.is>
@ryantm Ryan Mulligan <ryan@ryantm.com>
@novmar Marcel Novotny <novotny@marnov.cz>
@mksafavi MK Safavi <mksafavi@gmail.com>
@GZGavinZhao Gavin Zhao
@mschwaig Martin Schwaighofer <mschwaig+nixpkgs@eml.cc>
@LunNova Luna Nova <nixpkgs-maintainer@lunnova.dev>
@Flakebi Sebastian Neubauer <flakebi@t-online.de>