CVE-2021-40546
First published: Tue Sep 05 2023(Updated: )
Tenda AC6 US_AC6V4.0RTL_V02.03.01.26_cn.bin allows attackers (who have the administrator password) to cause a denial of service (device crash) via a long string in the wifiPwd_5G parameter to /goform/setWifi.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Tenda Ac6 Firmware | =02.03.01.26 | |
| Tenda AC6 | =4.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2021-40546?
CVE-2021-40546 is a vulnerability in Tenda AC6 US_AC6V4.0RTL_V02.03.01.26_cn.bin that allows attackers with the administrator password to cause a denial of service (device crash) by sending a long string in the wifiPwd_5G parameter to /goform/setWifi.
How severe is CVE-2021-40546?
CVE-2021-40546 has a severity rating of 4.9 out of 10, indicating a medium severity.
How can attackers exploit CVE-2021-40546?
Attackers can exploit CVE-2021-40546 by using the administrator password to send a long string in the wifiPwd_5G parameter to /goform/setWifi, causing a denial of service and crashing the device.
Is Tenda AC6 firmware version 02.03.01.26 affected by CVE-2021-40546?
Yes, Tenda AC6 firmware version 02.03.01.26 is affected by CVE-2021-40546.
How can I fix CVE-2021-40546?
To fix CVE-2021-40546, it is recommended to update to a patched version of the firmware provided by Tenda.
- collector/nvd-api
- collector/nvd-index
- agent/type
- agent/author
- agent/softwarecombine
- agent/references
- agent/severity
- agent/weakness
- agent/tags
- agent/first-publish-date
- agent/event
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/source
- vendor/tenda
- canonical/tenda ac6 firmware
- version/tenda ac6 firmware/02.03.01.26
- canonical/tenda ac6
- version/tenda ac6/4.0