CRITICAL🇵🇱 Wersja polska

CVE-2026-24103

CVSS 9.8v3.1pub. 2026-03-03upd. 2026-03-05

A buffer overflow vulnerability was discovered in goform/formSetMacFilterCfg in Tenda AC15V1.0 V15.03.05.18_multi.

🤖 AI Analysis
How it works

The vulnerability (CWE-120 — classic buffer overflow) occurs in the goform/formSetMacFilterCfg function, which is responsible for MAC address filtering configuration. An attacker can provide specially crafted input data that exceeds the size of the allocated buffer in memory. This results in overwriting adjacent memory areas, which can lead to arbitrary code execution.

Impact

An unauthenticated attacker, acting remotely over the network, can take full control of the device, access confidential data, modify its configuration, or permanently disable the router.

Mitigation & patch

Security patches available from the manufacturer should be applied according to the references. It is recommended to monitor the official Tenda website at the address indicated in the references. Until a fix is released, it is recommended to restrict access to the device's administrative panel only to trusted hosts and isolate the device from untrusted networks.

Who is affected

Tenda AC15V1.0 with firmware version V15.03.05.18_multi

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Tenda Ac15

    HW
    Tenda
    1.0
  • Tenda Ac15 Firmware

    OS
    Tenda
    15.03.05.18_multi
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Memory
CWE
References

Related vulnerabilities

CVE-2020-10987CRITICAL9.8⚠ KEVten sam produkt

The goform/setUsbUnload endpoint of Tenda AC15 AC1900 version 15.03.05.19 allows remote attackers to execute a...

CVE-2026-24101CRITICAL9.8PL ✓ten sam produkt

Command injection w Tenda AC15 — brak walidacji parametru formSetIptv

CVE-2026-24105CRITICAL9.8PL ✓ten sam produkt

Command injection w Tenda AC15 — brak walidacji parametru w formsetUsbUnload

CVE-2025-63666CRITICAL9.8PL ✓ten sam produkt

Tenda AC15: słaby mechanizm cookie sesji ujawniający hash hasła

CVE-2025-29462CRITICAL9.8PL ✓ten sam produkt

Buffer overflow w Tenda AC15 — przepełnienie stosu przez HTTP