CVE-2026-51845: Tenda AC7 v15
Tenda AC7 v15.03.06.44 contains a stack buffer overflow vulnerability in the /goform/AdvSetMacMtuWan interface via the mac parameter.
Metrics
- CVSS v3.1
- 9.8
- Severity
- CRITICAL
- Fixed in
- —
- Affected Products
- 1
HarborGuard Analysis
Synopsis
Stack-based buffer overflow in Tenda AC7 v15.03.06.44 router firmware. The vulnerability is reachable over the network with no authentication required, via the /goform/AdvSetMacMtuWan interface by sending a crafted mac parameter. Successful exploitation gives the attacker full control over the affected device, including reading sensitive data, modifying configuration, and crashing or executing code on the device. HarborGuard tracks this advisory and will make a patched-image rebuild available the moment an upstream fix is published.
HarborGuard Coverage
Detection capability is available across every HarborGuard environment: the CVE is ingested from upstream feeds within minutes of publication and matched against images in customer registries and CI/CD pipelines, including custom-built firmware or embedded-Linux container images derived from the affected Tenda AC7 codebase.
AvailableHarborGuard is capable of scoring this finding at CVSS 9.8 (Critical) and weighting it against each customer environment's compliance policy to determine urgency. Triage routing is available to direct the finding to the appropriate team or inbox within each customer organization.
AvailableNo fix version has been published by the vendor for this CVE. HarborGuard re-checks the advisory on every ingest cycle and will make a patched-image rebuild available automatically the moment an upstream fix is released.
Pending upstreamExploit Conditions
- Network reachabilityRequired
The vulnerable interface is exposed over the network, so an attacker must be able to send HTTP requests to the device's web management service.
- AuthenticationNot required
No credentials or account are needed; the /goform/AdvSetMacMtuWan endpoint accepts unauthenticated requests.
- Victim interactionNot required
No user action is needed on the target device; the attacker sends a crafted request directly.
- Attack complexityDetail
Attack complexity is low, meaning the exploit is reliable and requires no special preconditions, race conditions, or knowledge of memory layout.
Blast Radius
- Attacker reads sensitive data stored on the device, such as credentials, network configuration, and session material.
- Attacker overwrites firmware configuration or injects persistent changes to device behavior.
- Attacker crashes the device management process, causing a denial of service and loss of network connectivity for downstream clients.
- Attacker achieves arbitrary code execution on the device with the privileges of the web server process, enabling full device takeover.
How HarborGuard Handles This
Available on HarborGuard: this CVE is flagged at Critical severity (CVSS 9.8) and matched against any image in a customer's registry or pipeline that bundles the affected Tenda AC7 firmware components. Because no vendor fix exists at this time, HarborGuard monitors the advisory on every ingest cycle. When an upstream patch is published, a patched-image rebuild becomes available immediately, and customers with auto-remediation enabled will receive an automatic rebuild, regression-test run, and a PR opened against affected workloads. Until a fix is available, compensating controls worth considering include network-policy isolation to block unauthenticated access to the device's web management port, egress filtering to limit lateral movement if the device is compromised, and disabling remote management features where operationally feasible.
- n/a / n/an/a
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H