Primary

Context

Tenda AC15 Buffer Overflow Vulnerability in MAC Filter Configuration

Vulnerability

A buffer overflow vulnerability exists in the Tenda AC15 router, specifically in version V15.03.05.18_multi. The issue arises within the 'goform/formSetMacFilterCfg' function, where user-supplied parameters are passed to a function without proper input validation. This lack of validation allows for an overflow to occur, potentially leading to arbitrary code execution or other malicious outcomes.

Impact

Exploitation of this vulnerability causes a buffer overflow, which can lead to arbitrary code execution.

Reproduction

The vulnerability can be reproduced by sending a POST request to 'http://192.168.1.1/goform/setMacFilterCfg' with the 'macFilterType' parameter set to 'black' and the 'deviceList' parameter containing a crafted MAC address. The request must include a cookie with the password 'ssetgb'.

Added: Mar 3, 2026, 3:21 PM

Updated: Mar 3, 2026, 10:41 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

1.3

exploitability

6.6

remediation

0.0

relevance

3.4

threat

6.4

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

1.3

exploitability

6.6

remediation

0.0

relevance

3.4

threat

6.4

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Tenda AC15 Buffer Overflow Vulnerability in MAC Filter Configuration

Vulnerability

Impact

Reproduction

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating