CVE-2026-51843 Tenda CVE debrief

Who should care

Network administrators and security teams responsible for managing Tenda AC7 devices should be aware of this vulnerability. They should review the device's configuration, assess exposure, and apply patches or mitigations as needed. Additionally, security teams should monitor for potential exploitation attempts.

Technical summary

The CVE-2026-51843 vulnerability is a stack buffer overflow issue in the /goform/AdvSetMacMtuWan interface of Tenda AC7 v15.03.06.44. The vulnerability is caused by the lack of proper validation of the wanMTU parameter. This could allow an attacker to send crafted requests to the device, potentially leading to arbitrary code execution.

Defensive priority

Apply patches or updates from the vendor as soon as available. Limit exposure by restricting access to the /goform/AdvSetMacMtuWan interface.

Recommended defensive actions

• Inventory Tenda AC7 devices and verify their version.
• Review and apply patches from the vendor.
• Limit exposure by restricting access to the /goform/AdvSetMacMtuWan interface.
• Monitor for potential exploitation attempts.
• Implement compensating controls, such as Web Application Firewalls (WAFs), to detect and prevent attacks.

Evidence notes

The CVE-2026-51843 vulnerability was published on 2026-06-19. The primary evidence comes from the NVD and CVE.org. The affected product is Tenda AC7 v15.03.06.44. The vulnerability exists in the /goform/AdvSetMacMtuWan interface via the wanMTU parameter. Defenders should verify the device's version and configuration.

Official resources