CVE-2026-51843: Tenda AC7 v15
Tenda AC7 v15.03.06.44 contains a stack buffer overflow vulnerability in the /goform/AdvSetMacMtuWan interface via the wanMTU parameter.
Metrics
- CVSS v3.1: 9.8
- Severity: CRITICAL
- Fixed in: —
- Affected Products: 1
HarborGuard Analysis
Synopsis
The Tenda AC7 v15.03.06.44 firmware contains a stack-based buffer overflow that a remote, unauthenticated attacker can trigger by sending a crafted request to the /goform/AdvSetMacMtuWan interface with a malicious wanMTU parameter. The vulnerability is reachable over the network, with no credentials and no user interaction required. Successful exploitation gives the attacker full read, write, and execution capability on the device, enabling remote code execution. No upstream fix has been published; HarborGuard tracks the advisory for patch availability.
HarborGuard Coverage
Detection for CVE-2026-51843 is available across every HarborGuard environment, with the CVE matched against customer images within minutes of ingestion from upstream feeds, including custom-built firmware or derivative images. Coverage extends to all images in connected registries and CI/CD pipelines.
Status: Available
HarborGuard is capable of scoring this CVE at its published CVSS v3.1 rating of 9.8 (Critical) and weighting that score against each environment's compliance policy to prioritize routing. Triage results are surfaced to the appropriate team inbox within each customer organization based on configured ownership rules.
Status: Available
No fix version has been published for this CVE. HarborGuard re-evaluates the advisory each ingest cycle and will make a patched-image rebuild available automatically the moment an upstream fix is released. Customers with auto-remediation enabled will receive a rebuild, regression-test run, and a PR opened against affected workloads as soon as a fix version becomes available.
Status: Pending upstream
Exploit Conditions
- Network reachability: Required
  The vulnerable interface is exposed over the network, so an attacker must be able to reach the device's web management service remotely.
- Authentication: Not required
  No credentials of any privilege level are needed to send a malicious wanMTU parameter to the affected endpoint.
- Victim interaction: Not required
  The attacker sends a crafted HTTP request directly to the device; no user action or click is required.
- Attack complexity
  Exploit conditions are straightforward and reliable, with no race conditions, memory-layout dependencies, or special environmental factors required.
Blast Radius
- Attacker achieves remote code execution on the device, gaining full control of the firmware runtime.
- All data handled by the device, including network credentials, configuration secrets, and traffic passing through it, is readable by the attacker.
- The attacker can modify device configuration, redirect traffic, or inject malicious routing rules.
- The device can be crashed or rendered inoperable, disrupting network connectivity for all hosts behind it.
How HarborGuard Handles This
Available on HarborGuard: this CVE is monitored continuously against all customer images in connected registries and pipelines, with detection active within minutes of advisory ingestion. Because no upstream fix exists for Tenda AC7 v15.03.06.44 at this time, no patched-image rebuild is yet available. HarborGuard will make a rebuild available automatically the moment an upstream fix is published, and customers with auto-remediation enabled will receive a rebuilt image, a regression-test run, and a PR opened against affected workloads without manual intervention. In the interim, compensating controls to consider include network-policy isolation of the device's management interface, egress filtering to restrict access to the /goform/ endpoint from untrusted networks, and disabling remote web management if the feature is not operationally required.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H