CVE-2026-2147

low-risk

Published 2026-02-08

A weakness has been identified in Tenda AC21 16.03.08.16. This impacts an unknown function of the file /cgi-bin/DownloadLog of the component Web Management Interface. Executing a manipulation can lead to information disclosure. The attack may be performed from remote. The exploit has been made available to the public and could be used for attacks.

Do I need to act?

0.02% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 5.3/10 Medium

NETWORK / LOW complexity

Affected Products (1)

Ac21 Firmware

Affected Vendors

Tenda

References (5)

Exploit https://github.com/master-abc/cve/issues/30

Permissions Required https://vuldb.com/?ctiid.344849

Third Party Advisory https://vuldb.com/?id.344849

Third Party Advisory https://vuldb.com/?submit.747429

Product https://www.tenda.com.cn/

/ 100

low-risk

Severity 21/34 · High

Exploitability 0/34 · Minimal

Exposure 5/34 · Minimal