What is CVE-2021-31755?

CVE-2021-31755 represents a critical stack buffer overflow vulnerability in Tenda AC11 devices. Attackers can exploit this flaw to execute arbitrary code, necessitating immediate remediation actions.

What is the severity of CVE-2021-31755?

CVE-2021-31755 has a severity rating of CRITICAL with a CVSS base score of 9.8.

Is CVE-2021-31755 in CISA KEV?

Yes. CVE-2021-31755 is listed in the CISA Known Exploited Vulnerabilities (KEV) catalog. Organizations should prioritize remediation.

CVE-2021-31755 | Critical Vulnerability in Tenda AC11 Firmware

An issue was discovered on Tenda AC11 devices with firmware through 02.03.01.104_CN. This vulnerability allows attackers to execute arbitrary code on the system via a crafted post request targeting /goform/setmac. With a CVSS score of 9.8, this vulnerability is classified as critical and poses a significant risk to organizations using affected devices.

Risk to organizations includes unauthorized access and control over the device, potentially leading to further attacks on the network. Exploitation is possible through the network without requiring any privileges or user interaction, significantly increasing the urgency for organizations to address this vulnerability.

Organizations should prioritize patching immediately to mitigate risks associated with this vulnerability. The vulnerability was published on May 7, 2021, and has been analyzed for its potential impact.

The urgency for remediation is high, and organizations should follow vendor instructions to apply necessary updates.

Vulnerability Details

The critical vulnerability identified as CVE-2021-31755 affects the Tenda AC11 firmware versions up to 02.03.01.104_CN. The root cause of this vulnerability lies in a stack buffer overflow within the /goform/setmac function. This flaw allows attackers to execute arbitrary code by sending specially crafted post requests.

The CVSS score for this vulnerability is 9.8, indicating a critical severity level. The attack vector is classified as network-based, with low complexity, and no privileges or user interaction is required. The impacts on confidentiality, integrity, and availability are all rated as high.

Technical Analysis

The root cause of this vulnerability stems from inadequate input validation in the /goform/setmac handler. This lack of validation allows for the overflow of the stack buffer, leading to arbitrary code execution. The attack vector is network-based, meaning that an attacker can exploit this vulnerability remotely without any physical access to the device.

The attack complexity is low, as the vulnerability can be exploited with minimal effort. No privileges are required by the attacker, and user interaction is not necessary. If successfully exploited, this vulnerability can lead to severe consequences, including loss of confidentiality, integrity, and availability.

Risk & Impact Analysis

The deployment of affected Tenda AC11 devices in organizations poses a high risk due to the potential for arbitrary code execution. Given the critical nature of this vulnerability, organizations should assess their exposure and prioritize remediation efforts. The potential blast radius includes not only the compromised device but also the broader network it connects to.

Organizations should address this vulnerability urgently, as the CVSS score indicates a critical risk. The presence of this vulnerability in known exploited vulnerabilities catalog further emphasizes the necessity for immediate action.

Exploitation Status

Signal	Status
Known Exploit	No
Public PoC	No
Actively Exploited	Yes
Ransomware Use	No

Affected Versions

The affected version is Tenda AC11 firmware versions up to 02.03.01.104_CN. Organizations should check their devices to confirm their firmware version and take appropriate actions.

Mitigation & Remediation

Organizations should apply updates per vendor instructions to mitigate this vulnerability. If a patch is not available, consider implementing network controls to restrict access to the affected devices. Continuous monitoring for any unusual behavior is crucial.

For further guidance, organizations may refer to penetration testing services to validate security measures.

Detection Guidance

Monitoring should focus on log indicators that suggest unauthorized access or unusual requests to the /goform/setmac endpoint. Behavioral anomalies and network signatures associated with exploit attempts should also be tracked.

AppSecure Threat Intelligence Insight

This vulnerability highlights a significant risk in IoT devices, particularly in router firmware. Organizations should take proactive steps to secure their devices and continuously assess their security posture. For further insights on security testing best practices, refer to penetration testing methodology and vulnerability management program design to strengthen defenses against such vulnerabilities.

Understanding the patterns of such vulnerabilities enables security teams to better prepare for potential threats and enhances overall security resilience.

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

CVE ID	Title	Severity	Vulnerability Type	Published
CVE-2025-65418	CVE-2025-65418: High Vulnerability in docuFORM Managed Print Service Client	HIGH	Path Traversal	May 11, 2026
CVE-2025-65417	CVE-2025-65417: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	XSS	May 11, 2026
CVE-2025-65416	CVE-2025-65416: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Unrestricted File Upload	May 11, 2026
CVE-2025-65415	CVE-2025-65415: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Session Fixation	May 11, 2026
CVE-2025-61314	CVE-2025-61314: High Vulnerability in GmbH Mecury Managed Print Services	HIGH	XSS	May 11, 2026

CVE-2021-31755: Critical Vulnerability in Tenda AC11 Firmware