CVE-2026-51845
Description
Tenda AC7 v15.03.06.44 contains a stack buffer overflow vulnerability in the /goform/AdvSetMacMtuWan interface via the mac parameter.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability mechanics
Root cause
"Use of the unbounded strcpy function to copy the user-controlled mac parameter into a fixed-size stack buffer allows a stack buffer overflow."
Attack vector
An unauthenticated attacker on the local network sends a crafted POST request to `/goform/AdvSetMacMtuWan` with an overly long `mac` parameter. Because `strcpy` does not validate the input length against the destination buffer, the excess data overflows the stack [ref_id=1]. This can lead to denial of service or, with a carefully crafted payload, remote arbitrary code execution [ref_id=1].
Affected code
The vulnerability resides in the `/goform/AdvSetMacMtuWan` interface of the Tenda AC7 router firmware V15.03.06.44. The `check_param_changed` function copies the user-controlled `mac` parameter into a stack buffer using `strcpy`, which performs no bounds checking [ref_id=1].
What the fix does
The advisory does not include a published patch. To remediate the vulnerability, the vendor should replace the unbounded `strcpy` call with a bounds-checked function such as `strncpy` or `snprintf`, or validate the length of the `mac` parameter before copying it into the stack buffer [ref_id=1].
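The remediation described above, sketched as an added example (not code from the firmware, the vendor, or the advisory): validate the `mac` value's length and format first, and copy only if it passes. The names `mac_is_valid` and `copy_mac`, the colon-separated format, and the 18-byte buffer size are assumptions; the page does not give the firmware's buffer size or accepted format.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define MAC_STR_LEN  17                  /* "AA:BB:CC:DD:EE:FF" (assumed format) */
#define MAC_BUF_SIZE (MAC_STR_LEN + 1)   /* assumed size, not the firmware's */

/* Pattern the page describes (shape only, not the firmware's code):
 *     char buf[MAC_BUF_SIZE];
 *     strcpy(buf, mac);   -- copies until NUL, whatever the length of mac
 * Swapping in strncpy alone is not enough: it leaves dst unterminated when
 * it truncates, and a truncated MAC is wrong data. Validate, then copy. */

/* Returns 1 if s is exactly six colon-separated hex octets, else 0. */
int mac_is_valid(const char *s)
{
    if (s == NULL)
        return 0;
    for (size_t i = 0; i < MAC_STR_LEN; i++) {
        /* A NUL fails both checks, so the loop never reads past the end. */
        if (i % 3 == 2 ? s[i] != ':' : !isxdigit((unsigned char)s[i]))
            return 0;
    }
    return s[MAC_STR_LEN] == '\0';       /* reject anything longer */
}

/* Returns 0 and fills dst on success; -1 (dst untouched) on bad input. */
int copy_mac(char *dst, size_t dst_size, const char *src)
{
    if (dst == NULL || dst_size < MAC_BUF_SIZE || !mac_is_valid(src))
        return -1;
    memcpy(dst, src, MAC_BUF_SIZE);      /* 17 characters plus the NUL */
    return 0;
}

int main(void)
{
    /* Constructed inputs: one well-formed value, one oversized value. */
    char oversized[600], buf[MAC_BUF_SIZE];
    memset(oversized, 'A', sizeof oversized - 1);
    oversized[sizeof oversized - 1] = '\0';
    printf("valid:     %d\n", copy_mac(buf, sizeof buf, "00:1A:2B:3C:4D:5E"));
    printf("oversized: %d\n", copy_mac(buf, sizeof buf, oversized));
    return 0;
}
```

Rejecting malformed input outright, rather than truncating it, also keeps a partial MAC from being stored as configuration.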
Preconditions
- network: Attacker must have network access to the router's web interface (typically on the local LAN).
- auth: No authentication is required; the PoC request does not include any credentials beyond a cookie.
- config: The router must be running firmware version V15.03.06.44 (or earlier).
Generated on Jun 20, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.