What is the CVSS score of CVE-2026-51843?

CVE-2026-51843 has a CVSS 3.1 base score of 9.8 (Critical). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H. EPSS exploitation probability: 0.4%.

Which versions of Tenda AC7 are affected by CVE-2026-51843?

Tenda AC7 router firmware v15.03.06.44 contains a critical unauthenticated remote code execution vulnerability (CVE-2026-51843, CVSS 9.8) accessible over the network.

How to fix or mitigate CVE-2026-51843?

Within 24 hours: Identify and inventory all Tenda AC7 routers with firmware v15.03.06.44; disable remote management access via firewall rules blocking external connections to router management ports. Within 7 days: Implement network segmentation isolating affected routers from production systems; establish monitoring for requests to /goform/AdvSetMacMtuWan endpoint. Within 30 days: Execute hardware replacement plan to alternative router models from vendors with demonstrated patch release practices; evaluate any Tenda firmware updates as interim measure only, pending complete migration.

Tenda AC7 CVE-2026-51843

EUVD-2026-38049 CRITICAL

Stack-based Buffer Overflow (CWE-121)

2026-06-19 cve@mitre.org

GHSA-8wjp-x79j-qqmp

Stack Overflow Buffer Overflow Tenda

9.8

CVSS 3.1 · Vendor: mitre

Severity by source

Vendor (mitre) PRIMARY

9.8 CRITICAL

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

vuln.today AI

9.8 CRITICAL

Web-reachable /goform endpoint with no stated auth gives AV:N/AC:L/PR:N/UI:N; stack overflow in router httpd typically yields root, so C:H/I:H/A:H, scope unchanged.

3.1 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

4.0 AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (mitre).

CVSS VectorVendor: mitre

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Jun 22, 2026 - 19:08 vuln.today

CVSS changed

Jun 22, 2026 - 18:23 NVD

9.8 (CRITICAL)

CVE Published

Jun 19, 2026 - 17:16 cve.org

UNKNOWN (no severity yet)

DescriptionCVE.org

Tenda AC7 v15.03.06.44 contains a stack buffer overflow vulnerability in the /goform/AdvSetMacMtuWan interface via the wanMTU parameter.

AnalysisAI

Stack buffer overflow in Tenda AC7 router firmware v15.03.06.44 allows remote attackers to corrupt memory through the wanMTU parameter of the /goform/AdvSetMacMtuWan web management endpoint. The CVSS 9.8 rating reflects network-reachable, unauthenticated exploitation with full impact on confidentiality, integrity, and availability, though no public exploit identified at time of analysis. …

Unlock full vulnerability intelligence

Risk assessment & exploitation conditions
Attack chain visualization
Remediation with exact patch versions
Threat intelligence from 22 sources
Personal watchlist & email alerts

Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Recon

Identify exposed Tenda AC7 httpd

Delivery

Craft oversized wanMTU POST body

Exploit

Send request to /goform/AdvSetMacMtuWan

Install

Overflow stack buffer in httpd

Hijack saved return address

Execute

Execute shellcode as root

Impact

Pivot or persist on router

Recon

Identify exposed Tenda AC7 httpd

Delivery

Craft oversized wanMTU POST body

Exploit

Send request to /goform/AdvSetMacMtuWan

Install

Overflow stack buffer in httpd

Hijack saved return address

Execute

Execute shellcode as root

Impact

Pivot or persist on router

Vulnerability AssessmentAI

Exploitation	Exploitation requires network reachability to the AC7's HTTP management service on the affected firmware 15.03.06.44, plus the ability to issue a POST to the /goform/AdvSetMacMtuWan endpoint with an attacker-controlled wanMTU parameter; the CVSS vector marks PR:N and UI:N, implying no authentication or user interaction is needed, but the description does not explicitly confirm whether AdvSetMacMtuWan is reachable pre-authentication, so internet-wide pre-auth exploitation should be treated as plausible but not verified. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment	The CVSS 3.1 vector AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H portrays a worst-case remotely exploitable, unauthenticated flaw with full impact, yielding a 9.8 critical score; however, real-world risk hinges on whether the /goform/AdvSetMacMtuWan handler is reachable without prior authentication, which the description does not explicitly confirm - Tenda's web UI normally enforces session authentication, so the PR:N rating may overstate exposure if pre-auth reach is actually limited to the LAN side. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario	An attacker who can reach the AC7 web interface - either on the LAN or through a router whose remote management is enabled on the WAN - sends a crafted HTTP POST to /goform/AdvSetMacMtuWan with an oversized wanMTU value, overflowing the stack buffer in httpd and either crashing the router (denial of service) or, with a working ROP chain against the MIPS firmware, achieving code execution as the httpd process (typically root on Tenda devices). No public exploit identified at time of analysis, but stack overflow patterns in other Tenda /goform/* handlers have been weaponized historically, making POC development a realistic next step.
Remediation	No vendor-released patch identified at time of analysis; Tenda has not published an advisory or fixed firmware version in the supplied data. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Identify and inventory all Tenda AC7 routers with firmware v15.03.06.44; disable remote management access via firewall rules blocking external connections to router management ports. …

Threat intelligence, references, and detailed analysis are available after sign-in.