{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-4975", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2026-03-27T08:58:22.978Z", "datePublished": "2026-03-27T19:52:54.501Z", "dateUpdated": "2026-03-30T18:58:54.834Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-03-27T19:52:54.501Z"}, "title": "Tenda AC15 POST Request setcfm formSetCfm memory corruption", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-121", "lang": "en", "description": "Stack-based Buffer Overflow"}]}, {"descriptions": [{"type": "CWE", "cweId": "CWE-119", "lang": "en", "description": "Memory Corruption"}]}], "affected": [{"vendor": "Tenda", "product": "AC15", "versions": [{"version": "15.03.05.19", "status": "affected"}], "cpes": ["cpe:2.3:o:tenda:ac15_firmware:*:*:*:*:*:*:*:*"], "modules": ["POST Request Handler"]}], "descriptions": [{"lang": "en", "value": "A vulnerability has been found in Tenda AC15 15.03.05.19. This affects the function formSetCfm of the file /goform/setcfm of the component POST Request Handler. The manipulation of the argument funcpara1 leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 8.7, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P", "baseSeverity": "HIGH"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R", "baseSeverity": "HIGH"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R", "baseSeverity": "HIGH"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 9, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR"}}], "timeline": [{"time": "2026-03-27T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2026-03-27T01:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2026-03-27T10:03:27.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "wxhwxhwxh_mie (VulDB User)", "type": "reporter"}], "references": [{"url": "https://vuldb.com/?id.353862", "name": "VDB-353862 | Tenda AC15 POST Request setcfm formSetCfm memory corruption", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.353862", "name": "VDB-353862 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.778261", "name": "Submit #778261 | Tenda AC15 AC15 V1.0 V15.03.05.19_multi Buffer Overflow", "tags": ["third-party-advisory"]}, {"url": "https://lavender-bicycle-a5a.notion.site/Tenda-AC15-setcfm-32153a41781f807b8945dd8920fafc14?source=copy_link", "tags": ["exploit"]}, {"url": "https://www.tenda.com.cn/", "tags": ["product"]}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-30T18:58:48.672936Z", "id": "CVE-2026-4975", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-30T18:58:54.834Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-4975", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-03-30T18:58:48.672936Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-30T18:58:51.694Z"}}], "cna": {"title": "Tenda AC15 POST Request setcfm formSetCfm memory corruption", "credits": [{"lang": "en", "type": "reporter", "value": "wxhwxhwxh_mie (VulDB User)"}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 8.7, "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 9, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR"}}], "affected": [{"cpes": ["cpe:2.3:o:tenda:ac15_firmware:*:*:*:*:*:*:*:*"], "vendor": "Tenda", "modules": ["POST Request Handler"], "product": "AC15", "versions": [{"status": "affected", "version": "15.03.05.19"}]}], "timeline": [{"lang": "en", "time": "2026-03-27T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2026-03-27T01:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2026-03-27T10:03:27.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/?id.353862", "name": "VDB-353862 | Tenda AC15 POST Request setcfm formSetCfm memory corruption", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.353862", "name": "VDB-353862 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.778261", "name": "Submit #778261 | Tenda AC15 AC15 V1.0 V15.03.05.19_multi Buffer Overflow", "tags": ["third-party-advisory"]}, {"url": "https://lavender-bicycle-a5a.notion.site/Tenda-AC15-setcfm-32153a41781f807b8945dd8920fafc14?source=copy_link", "tags": ["exploit"]}, {"url": "https://www.tenda.com.cn/", "tags": ["product"]}], "descriptions": [{"lang": "en", "value": "A vulnerability has been found in Tenda AC15 15.03.05.19. This affects the function formSetCfm of the file /goform/setcfm of the component POST Request Handler. The manipulation of the argument funcpara1 leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-121", "description": "Stack-based Buffer Overflow"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-119", "description": "Memory Corruption"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-03-27T19:52:54.501Z"}}}, "cveMetadata": {"cveId": "CVE-2026-4975", "state": "PUBLISHED", "dateUpdated": "2026-03-30T18:58:54.834Z", "dateReserved": "2026-03-27T08:58:22.978Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2026-03-27T19:52:54.501Z", "assignerShortName": "VulDB"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability has been found in Tenda AC15 15.03.05.19. This affects the function formSetCfm of the file /goform/setcfm of the component POST Request Handler. The manipulation of the argument funcpara1 leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used."}], "id": "CVE-2026-4975", "lastModified": "2026-03-30T13:26:07.647", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "cna@vuldb.com", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "PROOF_OF_CONCEPT", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2026-03-27T20:16:38.707", "references": [{"source": "cna@vuldb.com", "url": "https://lavender-bicycle-a5a.notion.site/Tenda-AC15-setcfm-32153a41781f807b8945dd8920fafc14?source=copy_link"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?ctiid.353862"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?id.353862"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?submit.778261"}, {"source": "cna@vuldb.com", "url": "https://www.tenda.com.cn/"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}, {"lang": "en", "value": "CWE-121"}], "source": "cna@vuldb.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "15.03.05.19"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "AC15", "source": "cna", "vendor": "Tenda"}, "product": "ac15", "vendor": "tenda"}], "analysis": {"en": {"generated_at": "2026-03-27T21:50:30.134598+00:00", "value": {"mitigation_remediation": ["Check the Tenda website or support portal for a firmware update that addresses the buffer overflow; apply the latest firmware immediately.", "If no official update is available, block or restrict access to the /goform/setcfm endpoint on the router using firewall rules or by configuring local network segmentation to limit exposure to trusted devices.", "Monitor inbound POST traffic to the router for suspicious activity and log attempts targeting /goform/setcfm so that potential exploitation attempts can be detected and investigated."], "summary": {"action": "Immediate patch", "impact": "Remote code execution"}, "threat_synthesis": {"affected_systems": "The affected product is the Tenda AC15 router running firmware 15.03.05.19. No other versions or products are listed as affected.", "description_and_impact": "Tenda AC15 firmware version 15.03.05.19 contains a stack-based buffer overflow in the POST request handler for the /goform/setcfm endpoint. Manipulating the funcpara1 parameter causes an out\u2011of\u2011bounds write on the stack, which can lead to arbitrary code execution or a denial of service. The vulnerability is a classic buffer overflow (CWE-119) and stack based overwrite (CWE-121). The exploit is publicly disclosed and can be executed remotely.", "risk_and_exploitability": "The CVSS score of 8.7 indicates a high severity risk. EPSS information is not available, and the vulnerability is not listed in the CISA KEV catalog. The attack vector is remote, requiring an attacker to send a crafted POST request to the /goform/setcfm endpoint, which can be performed over the open network interface of the router."}}}}, "created": "2026-03-29T20:30:17.314260+00:00", "updated": "2026-03-30T07:00:34.115740+00:00", "vendors": ["tenda", "tenda$PRODUCT$ac15"]}