Impact
The vulnerability is a stack buffer overflow in the /goform/AdvSetMacMtuWan interface of the Tenda AC7 router. An attacker can send a crafted request containing an overly long mac parameter to overflow the stack. The description does not state the consequences beyond the stack overflow.
Affected Systems
Tenda AC7 router running firmware version 15.03.06.44 is affected. No other vendor or product versions are listed as impacted.
Risk and Exploitability
EPSS is not available and the vulnerability is not listed in the CISA KEV catalog, so precise exploitation probability remains uncertain. It is inferred that a remote attacker could exploit the vulnerability by sending a malicious HTTP request to /goform/AdvSetMacMtuWan with an excessively long mac parameter, given access to the router’s web interface. The CVSS score of 9.8 indicates a critical severity.
OpenCVE Enrichment