CVE-2026-51844 Tenda CVE debrief

Who should care

Network administrators and security teams responsible for managing Tenda AC7 devices should be aware of this vulnerability. They should review the device's version and apply patches or mitigations as recommended by the vendor. Additionally, security teams should monitor network traffic and system logs for potential exploitation attempts.

Technical summary

The CVE-2026-51844 vulnerability is a stack buffer overflow issue in the /goform/AdvSetMacMtuWan interface of Tenda AC7 v15.03.06.44. The vulnerability is caused by the cloneType parameter not being properly validated, allowing attackers to overflow the stack buffer. This may lead to arbitrary code execution. The vulnerability was published on 2026-06-19 and has not been modified since then.

Defensive priority

Medium priority due to potential for code execution

Recommended defensive actions

• Review and apply patches from the vendor
• Verify device version and configuration
• Monitor network traffic and system logs
• Implement compensating controls to limit exposure
• Review and update incident response plans

Evidence notes

The CVE-2026-51844 vulnerability was published on 2026-06-19. The affected product is Tenda AC7 v15.03.06.44. The vulnerability exists in the /goform/AdvSetMacMtuWan interface via the cloneType parameter. The CVE was sourced from NVD and has not been modified since publication. Users should verify the vulnerability status and affected versions with the vendor or official sources.

Official resources