CVE-2026-4252

Tenda · AC8

A vulnerability in the Tenda AC8 IPv6 Handler function allows remote attackers to bypass authentication by manipulating IPv6 address reliance.

Executive summary

A critical authentication bypass vulnerability in Tenda AC8 routers allows remote, unauthenticated attackers to gain unauthorized access to the device.

Vulnerability

This vulnerability exists in the check_is_ipv6 function of the IPv6 component, where improper handling of IP addresses allows for an authentication bypass. The flaw is remotely exploitable without requiring prior authentication.

Business impact

Successful exploitation allows an attacker to bypass authentication, potentially leading to full administrative control over the network device. Given the CVSS score of 9.8, this poses a severe risk of data interception, unauthorized network access, and potential pivot points into the internal local area network.

Remediation

Immediate Action: Update the Tenda AC8 firmware to the latest version provided by the manufacturer to patch the authentication logic.

Proactive Monitoring: Monitor network traffic for unusual IPv6-related activity and review administrative access logs for unauthorized login attempts.

Compensating Controls: If an update is unavailable, disable IPv6 functionality on the device and restrict management interfaces to trusted internal IP ranges.

Exploitation status

Public Exploit Available: Yes

Analyst recommendation

This vulnerability represents a critical security risk due to the ease of remote exploitation. Organizations using the affected Tenda AC8 devices should prioritize patching immediately or isolate the devices from external network access to prevent compromise.