Skip to main content

Tenda 4G300 EUVDEUVD-2026-26307

| CVE-2026-7470 HIGH
Stack-based Buffer Overflow (CWE-121)
2026-04-30 VulDB
7.4
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
7.4 HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

6
PoC Detected
Apr 30, 2026 - 20:41 vuln.today
Public exploit code
Analysis Generated
Apr 30, 2026 - 03:30 vuln.today
CVSS changed
Apr 30, 2026 - 03:22 NVD
8.8 (HIGH) 7.4 (HIGH)
EUVD ID Assigned
Apr 30, 2026 - 03:15 euvd
EUVD-2026-26307
Analysis Generated
Apr 30, 2026 - 03:15 vuln.today
CVE Published
Apr 30, 2026 - 02:30 nvd
HIGH 7.4

DescriptionCVE.org

A flaw has been found in Tenda 4G300 US_4G300V1.0Mt_V1.01.42_CN_TDC01. Affected is the function sub_427C3C of the file /goform/SafeMacFilter. This manipulation of the argument page causes stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been published and may be used.

AnalysisAI

Stack-based buffer overflow in Tenda 4G300 US_4G300V1.0Mt_V1.01.42_CN_TDC01 allows authenticated remote attackers to execute arbitrary code with elevated privileges via crafted SafeMacFilter requests. The vulnerability resides in function sub_427C3C at endpoint /goform/SafeMacFilter, where insufficient input validation of the 'page' parameter enables memory corruption. Public exploit code exists on GitHub (Axelioc/CVE), significantly lowering the barrier to exploitation for attackers with valid router credentials. CVSS 7.4 reflects high confidentiality, integrity, and availability impact requiring only low-privilege authentication.

Technical ContextAI

This vulnerability affects the Tenda 4G300 wireless router (CPE: cpe:2.3:a:tenda:4g300), specifically firmware version US_4G300V1.0Mt_V1.01.42_CN_TDC01. The flaw is a stack-based buffer overflow (CWE-121) in the web management interface's MAC address filtering functionality. The vulnerable function sub_427C3C processes HTTP POST requests to /goform/SafeMacFilter without proper bounds checking on the 'page' parameter, allowing an attacker to write arbitrary data beyond allocated stack buffer boundaries. This is a classic stack overflow condition where unvalidated user input directly overwrites adjacent memory regions, potentially including return addresses and function pointers. Embedded device web interfaces written in C/C++ are particularly susceptible to such memory safety issues when handling CGI parameters. The CVSS 4.0 vector (AV:N/AC:L/PR:L) indicates network-accessible exploitation with low attack complexity once authenticated, while the E:P modifier confirms proof-of-concept exploit code exists.

RemediationAI

No vendor-released patch identified at time of analysis for firmware version US_4G300V1.0Mt_V1.01.42_CN_TDC01. Check Tenda's official support site (https://www.tenda.com.cn/) for newer firmware releases that may address this vulnerability, though consumer router vendors often do not provide CVE-specific patch notes. Immediate compensating controls: (1) Disable remote administration on WAN interface - restrict web management access to LAN-side clients only, eliminating internet-based attack surface (trade-off: no remote management capability); (2) Change default administrative credentials to strong unique passwords (16+ characters, mixed case, numbers, symbols) to prevent credential-based initial access; (3) Implement network segmentation - place Tenda device on isolated VLAN if used in enterprise environment, preventing pivot to critical assets post-compromise; (4) Monitor for unauthorized login attempts and configuration changes in router logs. Long-term recommendation: Replace Tenda 4G300 with actively maintained router models from vendors with established security update programs, as this device appears to be end-of-life with no security support. For SOHO deployments, consumer-grade alternatives with automatic update mechanisms provide better ongoing security posture.

More in Tenda

View all
CVE-2022-30023 HIGH POC
8.8 Jun 16

Tenda ONT GPON AC1200 Dual band WiFi HG9 v1.0.1 is vulnerable to Command Injection via the Ping function. Rated high sev

CVE-2015-5995 CRITICAL POC
9.8 Dec 31

Mediabridge Medialink MWN-WAPR300N devices with firmware 5.07.50 and Tenda N3 Wireless N150 devices allow remote attacke

CVE-2014-5246 CRITICAL POC
10.0 Aug 22

The Shenzhen Tenda Technology Tenda A5s router with firmware 3.02.05_CN allows remote attackers to bypass authentication

CVE-2025-45042 CRITICAL POC
9.8 May 05

Tenda AC9 v15.03.05.14 was discovered to contain a command injection vulnerability via the Telnet function. Rated critic

CVE-2025-29384 CRITICAL POC
9.8 Mar 14

In Tenda AC9 v1.0 V15.03.05.14_multi, the wanMTU parameter of /goform/AdvSetMacMtuWan has a stack overflow vulnerability

CVE-2025-44877 CRITICAL POC
9.8 May 02

Tenda AC9 V15.03.06.42_multi was found to contain a command injection vulnerability in the formSetSambaConf function via

CVE-2025-44872 CRITICAL POC
9.8 May 02

Tenda AC9 V15.03.06.42_multi was found to contain a command injection vulnerability in the formsetUsbUnload function via

CVE-2022-32386 CRITICAL POC
9.8 Jul 06

Tenda AC23 v16.03.07.44 was discovered to contain a buffer overflow via fromAdvSetMacMtuWan. Rated critical severity (CV

CVE-2025-25632 CRITICAL POC
9.8 Mar 05

Tenda AC15 v15.03.05.19 is vulnerable to Command Injection via the handler function in /goform/telnet. Rated critical se

CVE-2023-51972 CRITICAL POC
9.8 Jan 10

Tenda AX1803 v1.0.0.1 was discovered to contain a command injection vulnerability via the function fromAdvSetLanIp. Rate

CVE-2023-51812 CRITICAL POC
9.8 Jan 04

Tenda AX3 v16.03.12.11 was discovered to contain a remote code execution (RCE) vulnerability via the list parameter at /

CVE-2025-45429 CRITICAL POC
9.8 Apr 23

In the Tenda ac9 v1.0 router with firmware V15.03.05.14_multi, there is a stack overflow vulnerability in /goform/WifiWp

Share

EUVD-2026-26307 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy