Description
Tenda AC7 v15.03.06.44 contains a stack buffer overflow vulnerability in the /goform/AdvSetMacMtuWan interface via the mac parameter.
Published: 2026-06-19
Score: 9.8 Critical
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is a stack buffer overflow in the /goform/AdvSetMacMtuWan interface of the Tenda AC7 router. An attacker can send a crafted request containing an overly long mac parameter to overflow the stack. The description does not state the consequences beyond the stack overflow.

Affected Systems

Tenda AC7 router running firmware version 15.03.06.44 is affected. No other vendor or product versions are listed as impacted.

Risk and Exploitability

EPSS is not available and the vulnerability is not listed in the CISA KEV catalog, so precise exploitation probability remains uncertain. It is inferred that a remote attacker could exploit the vulnerability by sending a malicious HTTP request to /goform/AdvSetMacMtuWan with an excessively long mac parameter, given access to the router’s web interface. The CVSS score of 9.8 indicates a critical severity.

Generated by OpenCVE AI on June 22, 2026 at 22:52 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the router firmware to a version that patches the stack buffer overflow
  • If no patch is available, block or disable the /goform/AdvSetMacMtuWan interface using a firewall rule or router ACL
  • Restrict external access to the router’s administrative interface to the local network only

Generated by OpenCVE AI on June 22, 2026 at 22:52 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

References
History

Mon, 22 Jun 2026 23:15:00 +0000

Type Values Removed Values Added
Title Stack Buffer Overflow in Tenda AC7 /goform/AdvSetMacMtuWan Interface

Mon, 22 Jun 2026 21:15:00 +0000

Type Values Removed Values Added
Title Stack Buffer Overflow in Tenda AC7 Advanced MAC MTU WAN Interface
Weaknesses CWE-120

Mon, 22 Jun 2026 18:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-121
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Fri, 19 Jun 2026 23:00:00 +0000

Type Values Removed Values Added
First Time appeared Tenda
Tenda ac7
Vendors & Products Tenda
Tenda ac7

Fri, 19 Jun 2026 21:00:00 +0000

Type Values Removed Values Added
Title Stack Buffer Overflow in Tenda AC7 Advanced MAC MTU WAN Interface
Weaknesses CWE-120

Fri, 19 Jun 2026 18:15:00 +0000

Type Values Removed Values Added
Description Tenda AC7 v15.03.06.44 contains a stack buffer overflow vulnerability in the /goform/AdvSetMacMtuWan interface via the mac parameter.
References

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-06-22T17:15:53.956Z

Reserved: 2026-06-08T00:00:00.000Z

Link: CVE-2026-51845

cve-icon Vulnrichment

Updated: 2026-06-22T15:38:45.723Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-22T23:00:11Z

Weaknesses
  • CWE-121

    Stack-based Buffer Overflow