CVE-2026-2147

MEDIUM EPSS 40.3%

Published Feb 8, 20264mo ago · Modified Jun 17, 20261w ago

5.5 CVSS 4.0

Medium

Published Feb 8, 2026 4mo ago

Last Modified Jun 17, 2026 1w ago

Description

A weakness has been identified in Tenda AC21 16.03.08.16. This impacts an unknown function of the file /cgi-bin/DownloadLog of the component Web Management Interface. Executing a manipulation can lead to information disclosure. The attack may be performed from remote. The exploit has been made available to the public and could be used for attacks.

CVSS Details

Base Score

5.5

Exploitability

—

Impact

—

Vector string

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector Network

Attack Complexity Low

Privileges Required None

User Interaction None

Scope X

Threat Intelligence

EPSS Exploit Probability

40.3% percentile

Exploit & Patch Status

Public Exploit Known

No Patch Available

Weaknesses 2

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor Information Exposure

CWE-284

Affected Products 2

Vendor	Product	Version	Range
tenda	ac21_firmware	16.03.08.16	any
tenda	ac21	*	any

References 5

github.com https://github.com/master-abc/cve/issues/30

ExploitIssue TrackingThird Party Advisory
vuldb.com https://vuldb.com/?ctiid.344849

Permissions RequiredVDB Entry
vuldb.com https://vuldb.com/?id.344849

Third Party AdvisoryVDB Entry
vuldb.com https://vuldb.com/?submit.747429

Third Party AdvisoryVDB Entry
tenda.com.cn https://www.tenda.com.cn/

Product

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.