Tenda AC7 CVE-2026-51845

EUVD-2026-38051 · CRITICAL
Stack-based Buffer Overflow (CWE-121)
2026-06-19 · cve@mitre.org · GHSA-m32v-ppvw-wwc8
CVSS 3.1: 9.8 · Vendor: mitre

Severity by source

Vendor (mitre), PRIMARY: 9.8 CRITICAL (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
vuln.today AI: 9.8 CRITICAL

Web-reachable /goform endpoint with no auth (AV:N, PR:N, UI:N); single oversized POST parameter triggers stack overflow (AC:L) yielding root code execution (C/I/A:H).

CVSS 3.1: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS 4.0: AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (mitre).

CVSS Vector (Vendor: mitre)

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality: High
  • Integrity: High
  • Availability: High

Lifecycle Timeline

  • Analysis Generated: Jun 22, 2026 - 19:08 (vuln.today)
  • CVSS changed: Jun 22, 2026 - 18:23 (NVD), 9.8 (CRITICAL)
  • CVE Published: Jun 19, 2026 - 17:16 (cve.org), UNKNOWN (no severity yet)

Description (CVE.org)

Tenda AC7 v15.03.06.44 contains a stack buffer overflow vulnerability in the /goform/AdvSetMacMtuWan interface via the mac parameter.

Analysis (AI)

Stack buffer overflow in Tenda AC7 router firmware v15.03.06.44 allows remote unauthenticated attackers to corrupt memory via the mac parameter in the /goform/AdvSetMacMtuWan web interface endpoint. The flaw carries a CVSS 9.8 critical rating with network attack vector and no authentication required, though no public exploit code has been identified at time of analysis and the CVE is not listed in CISA KEV. …

Attack Chain (AI, Derived)

Hypothetical attack flow derived from CVE metadata

  • Access: Reach router web UI on LAN or WAN
  • Delivery: POST oversized mac to /goform/AdvSetMacMtuWan
  • Exploit: Overflow httpd stack buffer
  • Execution: Overwrite saved return address
  • Persist: Execute MIPS shellcode as root
  • Impact: Persist via flash/cron and recruit to botnet

Vulnerability Assessment (AI)

Exploitation: The attacker must be able to send an HTTP request to the router's web management interface on the /goform/AdvSetMacMtuWan endpoint with a malicious mac parameter; CVSS PR:N/UI:N indicates no authentication or user interaction is required to reach the vulnerable parser. …

Risk Assessment: Signals are mixed and worth disentangling. …

Exploit Scenario: An attacker on the same LAN - or reaching the router through an enabled remote-management interface - sends a single crafted HTTP POST to /goform/AdvSetMacMtuWan with an oversized mac parameter, overwriting the saved return address on the httpd stack and redirecting execution to attacker-controlled shellcode or a ROP gadget chain to drop a MIPS-architecture payload. No public exploit code has been identified at time of analysis, but the CVSS vector (AV:N/AC:L/PR:N/UI:N) describes one-shot remote unauthenticated code execution, and historically near-identical Tenda /goform/* overflows have been absorbed into Mirai-derived botnets within weeks of disclosure.

Remediation: No vendor-released patch identified at time of analysis - Tenda has not published a fixed firmware build or PSIRT advisory in the supplied data, and the only reference (https://www.kdev.site/cve-request_007/) is a researcher CVE-request page. …
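
With no fixed firmware available, requests to the affected endpoint can be screened at a proxy or in captured traffic. The following is an added detection example, not code from the vendor, the researcher or this advisory; it assumes a legitimate mac value is six hex octets separated by ':' or '-', and because the advisory does not state the buffer size it checks the value's format rather than a length threshold. The sample requests are constructed.

```python
import re
from urllib.parse import parse_qs, urlsplit

ENDPOINT = "/goform/AdvSetMacMtuWan"  # endpoint named in the CVE description
# Assumption: a legitimate mac value is six hex octets separated by ':' or '-'.
MAC_RE = re.compile(r"(?:[0-9A-Fa-f]{2}[:-]){5}[0-9A-Fa-f]{2}")


def inspect_request(method, target, body=""):
    """Return a finding dict if the request carries a malformed mac, else None."""
    url = urlsplit(target)
    if url.path.rstrip("/") != ENDPOINT:
        return None
    # The parameter may arrive in the query string or the form body; check both.
    params = parse_qs(url.query)
    if method.upper() == "POST":
        for key, values in parse_qs(body).items():
            params.setdefault(key, []).extend(values)
    for value in params.get("mac", []):  # parse_qs has already URL-decoded these
        if not MAC_RE.fullmatch(value):
            return {"endpoint": ENDPOINT, "param": "mac", "length": len(value),
                    "reason": "mac is not a well-formed MAC address"}
    return None


def scan(requests):
    """Run inspect_request over (source, method, target, body) tuples."""
    findings = []
    for source, method, target, body in requests:
        hit = inspect_request(method, target, body)
        if hit:
            findings.append({"source": source, **hit})
    return findings


# Constructed sample traffic (documentation addresses, hypothetical extra field).
SAMPLE = [
    ("192.0.2.10", "POST", ENDPOINT, "mac=AA:BB:CC:DD:EE:FF&other=1"),
    ("192.0.2.66", "POST", ENDPOINT, "mac=" + "A" * 600 + "&other=1"),
    ("192.0.2.10", "POST", "/index.html", "mac=" + "A" * 600),
    ("192.0.2.77", "POST", ENDPOINT + "?mac=" + "B" * 300, "other=1"),
]

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

The same allowlist pattern can be enforced as a blocking rule on a reverse proxy placed in front of the management interface, where the deployment allows one.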

Recommended Action (AI)

Within 24 hours: Identify and inventory all Tenda AC7 units currently deployed; immediately implement network isolation and disable remote administrative access. …