Impact
Tenda AC7 devices running firmware version 15.03.06.44 are vulnerable to a stack buffer overflow triggered by the cloneType parameter on the /goform/AdvSetMacMtuWan interface. The overflow allows an attacker to send a crafted request and overwrite the stack, potentially leading to arbitrary code execution with the privileges of the firmware process. The vulnerability does not specify a prerequisite such as authentication, so remotely accessible routers are at risk.
Affected Systems
The flaw applies to the Tenda AC7 router, specifically firmware builds marked as v15.03.06.44. No other vendors or product variants are listed, so the impact is limited to this model unless other builds share the same code path.
Risk and Exploitability
The CVSS score is 9.8, and the EPSS score is unavailable, so the exact exploit probability cannot be quantified. The vulnerability is listed as not included in CISA KEV, indicating that no widely observed exploitation has been reported yet. However, stack buffer overflows are generally considered high severity and the fact that the flaw is reachable via a web form suggests a remote attack vector. Until a patch is applied, the risk remains significant.
OpenCVE Enrichment