CVE-2026-4975

HighPublic PoC

Published: 27 March 2026

Published

27 March 2026

Modified

03 April 2026

KEV Added

—

Patch

—

CVSS Score 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Score 0.0009 25.6th percentile

Risk Priority 18 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-4975 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Tenda Ac15 Firmware. Its CVSS base score is 8.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 25.6th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190) and 1 other technique. What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-2 Flaw Remediation good match

prevent

SI-2 requires timely identification, reporting, and correction of flaws like the stack-based buffer overflow in Tenda AC15's formSetCfm function.

SI-10 Information Input Validation good match

prevent

SI-10 enforces validation of inputs such as the funcpara1 argument in POST requests to /goform/setcfm to prevent buffer overflows.

SI-16 Memory Protection good match

prevent

SI-16 implements memory safeguards like stack canaries and non-executable stacks to block code execution from the stack-based buffer overflow.

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access

Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

attack.mitre.org →

T1068 Exploitation for Privilege Escalation Privilege Escalation

Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.

attack.mitre.org →

Why these techniques?

Stack-based buffer overflow in the router's web POST handler (/goform/setcfm) enables remote code execution from a low-privileged network session, directly mapping to exploitation of a public-facing application (T1190) and privilege escalation to achieve full system impact (T1068).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

A vulnerability has been found in Tenda AC15 15.03.05.19. This affects the function formSetCfm of the file /goform/setcfm of the component POST Request Handler. The manipulation of the argument funcpara1 leads to stack-based buffer overflow. The attack can be initiated…

remotely. The exploit has been disclosed to the public and may be used.

Deeper analysisAI

CVE-2026-4975 is a stack-based buffer overflow vulnerability in Tenda AC15 firmware version 15.03.05.19. It affects the formSetCfm function in the /goform/setcfm file of the POST Request Handler component, where manipulation of the funcpara1 argument triggers the overflow. Published on 2026-03-27, the issue is rated 8.8 on the CVSS 3.1 scale (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) and maps to CWEs 119, 121, and 787.

The vulnerability enables remote exploitation over the network with low attack complexity, requiring only low privileges and no user interaction. An attacker with network access and minimal authentication can manipulate the funcpara1 argument via a POST request, potentially achieving high impacts on confidentiality, integrity, and availability, such as remote code execution.

VulDB advisories detail the issue and note that the exploit has been publicly disclosed via a Notion page and may be actively used. No specific patches are mentioned in the provided details; security practitioners should consult the vendor site at tenda.com.cn and VulDB references (ctiid.353862, id.353862, submit.778261) for mitigation guidance or firmware updates.

Details

CWE(s): CWE-119 CWE-121 CWE-787

Affected Products

tenda

ac15 firmware

15.03.05.19_multi

CVEs Like This One

CVE-2025-0566Same product: Tenda Ac15

CVE-2026-3400Same product: Tenda Ac15

CVE-2025-11389Same product: Tenda Ac15

CVE-2025-11386Same product: Tenda Ac15

CVE-2025-11387Same product: Tenda Ac15

CVE-2025-11388Same product: Tenda Ac15

CVE-2026-5830Same product: Tenda Ac15

CVE-2026-24103Same product: Tenda Ac15

CVE-2025-25632Same product: Tenda Ac15

CVE-2026-24105Same product: Tenda Ac15

References

https://lavender-bicycle-a5a.notion.site/Tenda-AC15-setcfm-32153a41781f807b8945dd8920fafc14?source=copy_link
Exploit, Third Party Advisory · cna@vuldb.com
https://vuldb.com/?ctiid.353862
Permissions Required, VDB Entry · cna@vuldb.com
https://vuldb.com/?id.353862
Third Party Advisory, VDB Entry · cna@vuldb.com
https://vuldb.com/?submit.778261
Third Party Advisory, VDB Entry · cna@vuldb.com
https://www.tenda.com.cn/
Product · cna@vuldb.com