What is the CVSS score of CVE-2026-51846?

CVE-2026-51846 has a CVSS 3.1 base score of 9.8 (Critical). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H. EPSS exploitation probability: 0.6%.

Which versions of Tenda AC7 are affected by CVE-2026-51846?

Tenda AC7 routers running firmware v15.03.06.44 are vulnerable to unauthenticated remote code execution accessible over the network, enabling complete device compromise and potential lateral network…

How to fix or mitigate CVE-2026-51846?

Within 24 hours: Conduct immediate inventory of all Tenda AC7 devices, confirm firmware version 15.03.06.44, and document network topology and access paths. Within 7 days: Implement network segmentation isolating affected routers from untrusted segments using strict ACLs, disable WAN-accessible management services, and initiate replacement procurement. Within 30 days: Replace affected devices with units running current firmware versions or sustain compensating controls if replacement timeline extends beyond 30 days.

Tenda AC7 CVE-2026-51846

EUVD-2026-38052 CRITICAL

Stack-based Buffer Overflow (CWE-121)

2026-06-19 cve@mitre.org

GHSA-j57g-r926-cwvq

Stack Overflow RCE Buffer Overflow Tenda

9.8

CVSS 3.1 · Vendor: mitre

Severity by source

Vendor (mitre) PRIMARY

9.8 CRITICAL

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

vuln.today AI

9.8 CRITICAL

Unauthenticated POST to a network-reachable goform handler triggers a stack overflow with no user interaction, yielding root-level RCE on the router with full CIA impact.

3.1 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

4.0 AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (mitre).

CVSS VectorVendor: mitre

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Jun 22, 2026 - 18:23 vuln.today

CVSS changed

Jun 22, 2026 - 18:23 NVD

9.8 (CRITICAL)

CVE Published

Jun 19, 2026 - 17:16 cve.org

UNKNOWN (no severity yet)

DescriptionCVE.org

In Tenda AC7 v15.03.06.44, the wanSpeed parameter of the route /goform/AdvSetMacMtuWan has a stack buffer overflow vulnerability that can lead to remote arbitrary code execution.

AnalysisAI

Remote code execution in Tenda AC7 routers (firmware v15.03.06.44) is possible via a stack buffer overflow in the wanSpeed parameter of the /goform/AdvSetMacMtuWan endpoint. The CVSS 9.8 vector (AV:N/AC:L/PR:N/UI:N) indicates unauthenticated network-based exploitation with full confidentiality, integrity, and availability impact, though no public exploit identified at time of analysis and the device is not listed in CISA KEV.

Unlock full vulnerability intelligence

Risk assessment & exploitation conditions
Attack chain visualization
Remediation with exact patch versions
Threat intelligence from 22 sources
Personal watchlist & email alerts

Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access

Reach router HTTP admin interface

Delivery

Send POST to /goform/AdvSetMacMtuWan with oversized wanSpeed

Exploit

Overflow stack buffer in httpd

Execution

Hijack saved return address

Persist

Execute shellcode as root

Impact

Pivot to LAN or persist in firmware

Access

Reach router HTTP admin interface

Delivery

Send POST to /goform/AdvSetMacMtuWan with oversized wanSpeed

Exploit

Overflow stack buffer in httpd

Execution

Hijack saved return address

Persist

Execute shellcode as root

Impact

Pivot to LAN or persist in firmware

Vulnerability AssessmentAI

Exploitation	The attacker must be able to reach the router's HTTP administration interface and submit a POST request to /goform/AdvSetMacMtuWan with an attacker-controlled wanSpeed parameter; per CVSS PR:N/UI:N no authentication or user interaction is required to reach the vulnerable code path. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment	Raw signals point to high risk: CVSS 9.8 with AV:N/AC:L/PR:N/UI:N and a stack overflow yielding RCE on a perimeter device. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario	An attacker with network reachability to the router's HTTP admin interface - typically an attacker on the same LAN or Wi-Fi, or a remote attacker if WAN management is exposed - sends a crafted POST request to /goform/AdvSetMacMtuWan with an oversized wanSpeed value, overflowing a stack buffer in the httpd process to overwrite the saved return address. Successful exploitation yields arbitrary code execution as root on the router, enabling traffic interception, DNS hijacking, or pivoting into the internal network. …
Remediation	No vendor-released patch identified at time of analysis - Tenda has not published an advisory in the provided data. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Conduct immediate inventory of all Tenda AC7 devices, confirm firmware version 15.03.06.44, and document network topology and access paths. …

Threat intelligence, references, and detailed analysis are available after sign-in.