Which versions of Tenda 4G300 are affected by EUVD-2026-26307?

CVE-2026-7470 is a stack-based buffer overflow in Tenda 4G300 routers (firmware version US_4G300V1.0Mt_V1.01.42_CN_TDC01) that allows authenticated users to execute arbitrary code with elevated…

Is there a public PoC exploit available for EUVD-2026-26307?

Yes, a public proof-of-concept exploit is available for EUVD-2026-26307. Prioritise patching immediately. EPSS: 0.0%.

Tenda 4G300 EUVD-2026-26307

Q: What is the CVSS score of EUVD-2026-26307?

EUVD-2026-26307 has a CVSS 4.0 base score of 7.4 (High). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.0%.

| CVE-2026-7470 HIGH

Stack-based Buffer Overflow (CWE-121)

2026-04-30 VulDB

Buffer Overflow Stack Overflow Tenda

7.4

CVSS 4.0

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Lifecycle Timeline

PoC Detected

Apr 30, 2026 - 20:41 vuln.today

Public exploit code

Analysis Generated

Apr 30, 2026 - 03:30 vuln.today

CVSS changed

Apr 30, 2026 - 03:22 NVD

8.8 (HIGH) 7.4 (HIGH)

EUVD ID Assigned

Apr 30, 2026 - 03:15 euvd

EUVD-2026-26307

Analysis Generated

Apr 30, 2026 - 03:15 vuln.today

CVE Published

Apr 30, 2026 - 02:30 nvd

HIGH 7.4

DescriptionNVD

A flaw has been found in Tenda 4G300 US_4G300V1.0Mt_V1.01.42_CN_TDC01. Affected is the function sub_427C3C of the file /goform/SafeMacFilter. This manipulation of the argument page causes stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been published and may be used.

AnalysisAI

Stack-based buffer overflow in Tenda 4G300 US_4G300V1.0Mt_V1.01.42_CN_TDC01 allows authenticated remote attackers to execute arbitrary code with elevated privileges via crafted SafeMacFilter requests. The vulnerability resides in function sub_427C3C at endpoint /goform/SafeMacFilter, where insufficient input validation of the 'page' parameter enables memory corruption. …

RemediationAI

Within 24 hours: Identify all Tenda 4G300 devices in production using network discovery tools and document firmware versions. Within 7 days: Implement network segmentation to isolate affected routers and restrict administrative access to essential personnel only; verify user access logs for unauthorized authentication attempts. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

EUVD-2026-26307 vulnerability details – vuln.today

Back

Tenda 4G300 EUVD-2026-26307

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Analysis

Full analysis requires sign-in

Share

Tenda 4G300 EUVD-2026-26307

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

Share

External POC / Exploit Code