Description
Tenda AC7 v15.03.06.44 contains a stack buffer overflow vulnerability in the /goform/AdvSetMacMtuWan interface via the wanMTU parameter.
Published: 2026-06-19
Score: 9.8 Critical
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A stack buffer overflow occurs in the wanMTU parameter of the /goform/AdvSetMacMtuWan interface on the Tenda AC7 router running firmware 15.03.06.44. Maliciously crafted input can overwrite adjacent stack data, which may give an attacker the ability to execute arbitrary code with the privileges of the web‑interface process. The flaw is a classic stack‑based buffer overflow (CWE‑121).

Affected Systems

Only the Tenda AC7 model with firmware version 15.03.06.44 is documented as affected. No other Tenda devices or firmware releases have been identified as vulnerable in the available data.

Risk and Exploitability

The CVSS score of 9.8 indicates a critical severity, and the absence of an EPSS score leaves the exact exploitation probability uncertain but potentially high. Based on the description, it is inferred that the web interface is accessible over the network, so an attacker could trigger the overflow remotely by supplying an oversized wanMTU value without authentication. The exploit path is straightforward and requires no special host privileges beyond those of the web interface process.

Generated by OpenCVE AI on June 22, 2026 at 19:51 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Check whether Tenda has released a firmware update that fixes the buffer overflow; if available, apply it immediately.
  • If no update exists, temporarily restrict access to the /goform/AdvSetMacMtuWan endpoint to trusted internal hosts with firewall or ACL rules.
  • Disable the WAN MTU setting via the web interface if it is not required, and monitor system logs for abnormal wanMTU submissions to detect potential exploitation attempts.

Generated by OpenCVE AI on June 22, 2026 at 19:51 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

References
History

Mon, 22 Jun 2026 20:15:00 +0000

Type Values Removed Values Added
Title Stack Buffer Overflow in Tenda AC7 /goform/AdvSetMacMtuWan via wanMTU

Mon, 22 Jun 2026 18:30:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Fri, 19 Jun 2026 22:15:00 +0000

Type Values Removed Values Added
Title Stack Buffer Overflow in Tenda AC7 WAN MTU Configuration Stack Buffer Overflow in Tenda AC7 /goform/AdvSetMacMtuWan via wanMTU

Fri, 19 Jun 2026 21:15:00 +0000

Type Values Removed Values Added
First Time appeared Tenda
Tenda ac7
Vendors & Products Tenda
Tenda ac7

Fri, 19 Jun 2026 21:00:00 +0000

Type Values Removed Values Added
Title Stack Buffer Overflow in Tenda AC7 WAN MTU Configuration
Weaknesses CWE-121

Fri, 19 Jun 2026 18:15:00 +0000

Type Values Removed Values Added
Description Tenda AC7 v15.03.06.44 contains a stack buffer overflow vulnerability in the /goform/AdvSetMacMtuWan interface via the wanMTU parameter.
References

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-06-22T17:16:07.700Z

Reserved: 2026-06-08T00:00:00.000Z

Link: CVE-2026-51843

cve-icon Vulnrichment

Updated: 2026-06-22T15:40:45.661Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-22T20:00:06Z

Weaknesses
  • CWE-121

    Stack-based Buffer Overflow