Description
Tenda AC7 v15.03.06.44 contains a stack buffer overflow vulnerability in the /goform/AdvSetMacMtuWan interface via the cloneType parameter.
Published: 2026-06-19
Score: 9.8 Critical
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Tenda AC7 devices running firmware version 15.03.06.44 are vulnerable to a stack buffer overflow triggered by the cloneType parameter on the /goform/AdvSetMacMtuWan interface. The overflow allows an attacker to send a crafted request and overwrite the stack, potentially leading to arbitrary code execution with the privileges of the firmware process. The vulnerability does not specify a prerequisite such as authentication, so remotely accessible routers are at risk.

Affected Systems

The flaw applies to the Tenda AC7 router, specifically firmware builds marked as v15.03.06.44. No other vendors or product variants are listed, so the impact is limited to this model unless other builds share the same code path.

Risk and Exploitability

The CVSS score is 9.8, and the EPSS score is unavailable, so the exact exploit probability cannot be quantified. The vulnerability is listed as not included in CISA KEV, indicating that no widely observed exploitation has been reported yet. However, stack buffer overflows are generally considered high severity and the fact that the flaw is reachable via a web form suggests a remote attack vector. Until a patch is applied, the risk remains significant.

Generated by OpenCVE AI on June 22, 2026 at 21:23 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the router firmware to the latest version or apply any vendor-provided patch for the AdvSetMacMtuWan interface.
  • If a firmware update is not immediately available, limit exposure by disabling or restricting WAN-side access to the router’s web management interface, or by blocking the /goform/AdvSetMacMtuWan URL in a firewall or ACL.
  • As a last resort, isolate the router from external networks or remove the affected firmware from network devices while a secure version is deployed.

Generated by OpenCVE AI on June 22, 2026 at 21:23 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

References
History

Wed, 24 Jun 2026 21:00:00 +0000

Type Values Removed Values Added
First Time appeared Tenda
Tenda ac7
Vendors & Products Tenda
Tenda ac7

Mon, 22 Jun 2026 21:45:00 +0000

Type Values Removed Values Added
Title Stack Buffer Overflow in Tenda AC7 Router 'AdvSetMacMtuWan' Interface

Mon, 22 Jun 2026 20:15:00 +0000

Type Values Removed Values Added
Title Stack Buffer Overflow in Tenda AC7 Router Firmware via cloneType Parameter
Weaknesses CWE-120

Mon, 22 Jun 2026 18:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-121
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Fri, 19 Jun 2026 21:00:00 +0000

Type Values Removed Values Added
Title Stack Buffer Overflow in Tenda AC7 Router Firmware via cloneType Parameter
Weaknesses CWE-120

Fri, 19 Jun 2026 18:15:00 +0000

Type Values Removed Values Added
Description Tenda AC7 v15.03.06.44 contains a stack buffer overflow vulnerability in the /goform/AdvSetMacMtuWan interface via the cloneType parameter.
References

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-06-22T17:16:00.717Z

Reserved: 2026-06-08T00:00:00.000Z

Link: CVE-2026-51844

cve-icon Vulnrichment

Updated: 2026-06-22T15:39:57.191Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-24T20:41:58Z

Weaknesses
  • CWE-121

    Stack-based Buffer Overflow