CVE-2026-2147

Published: Feb 8, 2026Modified: Feb 10, 2026

5.5

Vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Show more

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XShow less

Source: CNA (Secondary)

Description

A weakness has been identified in Tenda AC21 16.03.08.16. This impacts an unknown function of the file /cgi-bin/DownloadLog of the component Web Management Interface. Executing a manipulation can lead to information disclosure. The attack may be performed from remote. The exploit has been made available to the public and could be used for attacks.

Affected (1)

Products: Tenda: Ac21 Firmware

1 product

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Tenda Ac21 Firmware	Version 16.03.08.16

Running on/with	Platform Versions
Tenda Ac21	All versions

Related CWEs

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

References (5)

https://github.com/master-abc/cve/issues/30

Source: cna@vuldb.com

ExploitIssue TrackingThird Party Advisory

https://vuldb.com/?ctiid.344849

Source: cna@vuldb.com

Permissions RequiredVDB Entry

https://vuldb.com/?id.344849

Source: cna@vuldb.com

Third Party AdvisoryVDB Entry

https://vuldb.com/?submit.747429

Source: cna@vuldb.com

Third Party AdvisoryVDB Entry

https://www.tenda.com.cn/

Source: cna@vuldb.com

Product

Timeline

No history available yet.