LeakyCreds

CVE-2026-42924 - Vulnerability Analysis

High (CVSS: 8.7)

Last Updated: May 13, 2026

Unspecified Product - Privilege Escalation

Published: May 13, 2026 | Updated: May 13, 2026 | Remote Exploitable

Overview

An unspecified vendor's product contains a privilege escalation vulnerability: an authenticated attacker with the Resource Administrator or Administrator role can create SNMP configuration objects through iControl SOAP and thereby escalate privileges. Exploitation requires an authenticated account holding the Resource Administrator or Administrator role.

Severity & Score

Severity: High
CVSS Score: 8.7
EPSS Score: 5.3% (Probability of exploitation in next 30 days)

Impact

Authenticated attackers with specific roles can escalate their privileges, potentially gaining full administrative control.

Mitigation

Update to the latest supported version or apply vendor patches.

Social Media Activity (4 posts)

TheHackerWire
@thehackerwire
May 13, 2026

🟠 CVE-2026-42924 - High (8.7) An authenticated attacker with the Resource Administrator or Administrator role can create SNMP configuration objects through iControl SOAP resulting in privilege escalation. Note: Software versions which have reached End of Technical Support (E... 🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-42924/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

Details

CVE ID: CVE-2026-42924
Severity: High
CVSS Score: 8.7
Type: broken_access_control
Status: unconfirmed
EPSS: 5.3%
Social Posts: 4

CWE

  • CWE-78

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N

EPSS Score

5.3% (Probability of exploitation in the next 30 days)