CVE-2026-2147 identifies a security weakness in the Tenda AC21 router firmware version 16.03.08.16, specifically within the web management interface component. The vulnerability resides in the /cgi-bin/DownloadLog CGI endpoint, which is designed to allow users to download router logs. Due to insufficient access controls or improper input validation, an attacker can remotely manipulate requests to this endpoint to disclose sensitive information stored or processed by the router. The vulnerability does not require any authentication, user interaction, or privileges, making it accessible to unauthenticated remote attackers over the network. The disclosed information could include system logs, configuration details, or other sensitive data that may facilitate further attacks or reconnaissance. The CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P) indicates a network attack vector with low complexity and no privileges or user interaction required, but the impact is limited to confidentiality with no integrity or availability effects. Although no public exploits are currently observed in the wild, the exploit code has been made publicly available, increasing the risk of exploitation. No official patches or firmware updates have been released at the time of this analysis, leaving affected devices vulnerable. The vulnerability’s presence in a widely used consumer and small business router model raises concerns about the potential scale of impact, especially in environments where remote management interfaces are exposed to untrusted networks.

For European organizations, the information disclosure vulnerability in Tenda AC21 routers could lead to unauthorized access to sensitive router logs and configuration data. This exposure can facilitate further targeted attacks such as credential theft, network reconnaissance, or exploitation of other vulnerabilities. Organizations relying on these routers for perimeter or internal network management may face increased risk of lateral movement or data leakage. Although the vulnerability does not directly impact system integrity or availability, the confidentiality breach could undermine network security posture and trust. Small and medium enterprises, home offices, and branch offices using Tenda AC21 devices without strict network segmentation or access controls are particularly vulnerable. The lack of authentication requirement and remote exploitability means attackers can attempt exploitation from anywhere, increasing the threat surface. Additionally, the public availability of exploit code lowers the barrier for attackers, potentially leading to opportunistic scanning and exploitation campaigns targeting European networks.

1. Immediately restrict access to the router’s web management interface by disabling remote management or limiting it to trusted IP addresses via firewall rules. 2. Implement network segmentation to isolate management interfaces from untrusted networks, including the internet. 3. Monitor network traffic for unusual or repeated requests to /cgi-bin/DownloadLog and other sensitive endpoints, using IDS/IPS or SIEM solutions. 4. Regularly audit router configurations and logs for signs of unauthorized access or information leakage. 5. Apply firmware updates or patches from Tenda as soon as they become available to address this vulnerability. 6. If firmware updates are not yet available, consider temporary mitigations such as disabling the vulnerable CGI endpoint if possible or replacing affected devices with models not impacted by this vulnerability. 7. Educate network administrators about the risks of exposing management interfaces and enforce strong authentication and access control policies. 8. Conduct vulnerability scanning and penetration testing to identify exposure of vulnerable devices within the network environment.