CVE-2026-2202 is a buffer overflow vulnerability identified in the Tenda AC8 router firmware version 16.03.33.05. The vulnerability resides in the fromSetWifiGusetBasic function of the /goform/WifiGuestSet endpoint within the embedded httpd service. Specifically, the flaw arises from improper handling of the shareSpeed argument, which can be manipulated by a remote attacker to overflow a buffer. This overflow can lead to memory corruption, potentially allowing arbitrary code execution or causing the device to crash (denial of service). The vulnerability requires no authentication or user interaction, making it remotely exploitable over the network. The CVSS 4.0 base score is 8.7, reflecting high severity due to the ease of exploitation (network vector, low attack complexity), no privileges required, and the high impact on confidentiality, integrity, and availability. Although no known exploits are currently active in the wild, a public exploit has been published, increasing the likelihood of attacks. The affected product, Tenda AC8, is a widely used consumer and small business router, often deployed in home and office environments. The lack of an official patch or firmware update at the time of disclosure increases the urgency for mitigations. Attackers exploiting this vulnerability could gain control over the router, intercept or manipulate network traffic, or disrupt network connectivity.

The impact of CVE-2026-2202 is significant for organizations and individuals relying on Tenda AC8 routers. Successful exploitation can lead to full compromise of the router, enabling attackers to execute arbitrary code with high privileges. This can result in interception of sensitive data, network traffic manipulation, creation of persistent backdoors, or complete denial of service by crashing the device. For enterprises, this could mean exposure of internal network traffic or disruption of business-critical connectivity. For home users, it could lead to privacy breaches or use of the device as a foothold for further attacks. The vulnerability's remote exploitability without authentication broadens the attack surface, allowing attackers to target vulnerable devices directly over the internet or local networks. Given the widespread use of Tenda AC8 in various regions, the potential scale of impact is considerable, especially where devices are exposed to untrusted networks.

1. Immediately restrict access to the /goform/WifiGuestSet endpoint by implementing firewall rules or access control lists to block external and untrusted network access. 2. Disable guest Wi-Fi functionality if not required, as the vulnerability is triggered via the guest Wi-Fi settings interface. 3. Monitor network traffic for unusual requests targeting the shareSpeed parameter or the vulnerable endpoint. 4. Apply any official firmware updates from Tenda as soon as they become available; regularly check vendor advisories. 5. If no patch is available, consider replacing affected devices with alternative hardware not impacted by this vulnerability. 6. Segment vulnerable devices on isolated network segments to limit exposure. 7. Employ network intrusion detection systems (NIDS) with signatures for known exploit attempts targeting this vulnerability. 8. Educate users and administrators about the risk and signs of compromise related to this vulnerability.