Impact
A stack buffer overflow occurs in the wanMTU parameter of the /goform/AdvSetMacMtuWan interface on the Tenda AC7 router running firmware 15.03.06.44. Maliciously crafted input can overwrite adjacent stack data, which may give an attacker the ability to execute arbitrary code with the privileges of the web‑interface process. The flaw is a classic stack‑based buffer overflow (CWE‑121).
Affected Systems
Only the Tenda AC7 model with firmware version 15.03.06.44 is documented as affected. No other Tenda devices or firmware releases have been identified as vulnerable in the available data.
Risk and Exploitability
The CVSS score of 9.8 indicates a critical severity, and the absence of an EPSS score leaves the exact exploitation probability uncertain but potentially high. Based on the description, it is inferred that the web interface is accessible over the network, so an attacker could trigger the overflow remotely by supplying an oversized wanMTU value without authentication. The exploit path is straightforward and requires no special host privileges beyond those of the web interface process.
OpenCVE Enrichment