CVE-2026-51846
Received Received - Intake
Stack Buffer Overflow in Tenda AC7 Router

Publication date: 2026-06-19

Last updated on: 2026-06-19

Assigner: MITRE

Description
In Tenda AC7 v15.03.06.44, the wanSpeed parameter of the route /goform/AdvSetMacMtuWan has a stack buffer overflow vulnerability that can lead to remote arbitrary code execution.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-19
Last Modified
2026-06-19
Generated
2026-06-19
AI Q&A
2026-06-19
EPSS Evaluated
N/A
NVD
CVE-2026-51846
EUVD
EUVD-2026-38052
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
tenda ac7 15.03.06.44
tenda ac7 From 15.03.06.44 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-51846 is a stack buffer overflow vulnerability found in Tenda AC7 routers running firmware version V15.03.06.44 and possibly earlier versions.

The vulnerability exists in the /goform/AdvSetMacMtuWan route, specifically in the handling of the wanSpeed parameter.

The issue arises because the check_param_changed method uses the strcpy function to copy user input into a stack buffer without checking the size, allowing attackers to provide input that exceeds the buffer's capacity.

This can lead to a stack overflow, which attackers can exploit to execute arbitrary code remotely or cause denial-of-service conditions.

Impact Analysis

This vulnerability can allow an attacker to remotely execute arbitrary code on the affected Tenda AC7 router.

Remote arbitrary code execution could enable attackers to take control of the device, potentially leading to unauthorized access to the network.

Additionally, exploitation could cause denial-of-service attacks, disrupting network availability.

Detection Guidance

This vulnerability can be detected by sending a crafted POST request to the /goform/AdvSetMacMtuWan endpoint with an excessively long wanSpeed parameter value. Monitoring for such unusual or malformed POST requests targeting this route may help identify exploitation attempts.

A possible detection command could be using curl to test the endpoint with a long wanSpeed value, for example:

  • curl -X POST http://[router_ip]/goform/AdvSetMacMtuWan -d "wanSpeed=$(python3 -c 'print("A"*500)')"

Network intrusion detection systems (NIDS) can be configured to alert on POST requests to /goform/AdvSetMacMtuWan with unusually large wanSpeed parameters.

Mitigation Strategies

Immediate mitigation steps include restricting access to the vulnerable endpoint /goform/AdvSetMacMtuWan by limiting management access to trusted networks or IP addresses.

Additionally, monitoring and blocking suspicious POST requests with abnormally long wanSpeed parameter values can help prevent exploitation.

If possible, update the router firmware to a version where this vulnerability is patched or contact the vendor for a security update.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-51846. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart