Impact
The flaw is a stack buffer overflow in the wanSpeed parameter of the /goform/AdvSetMacMtuWan endpoint on Tenda AC7 devices running firmware version 15.03.06.44. The overflow can be exploited remotely to execute arbitrary code chosen by an attacker, compromising confidentiality, integrity, and availability of the device and the network it supports.
Affected Systems
Tenda AC7 routers with firmware build 15.03.06.44 are affected. No other vendors or product versions are listed as impacted.
Risk and Exploitability
The CVSS score is 9.8, but stack-based buffer overflows are generally high severity. EPSS is unavailable and the vulnerability is not listed in CISA KEV, suggesting no confirmed widespread exploitation yet. However, remote code execution is inherently dangerous; if the device’s WAN interface is exposed to the internet, attackers could exploit the endpoint over HTTP or HTTPS without payload delivery restrictions. Thus the risk is high and exploitation is plausible if exposure exists.
OpenCVE Enrichment