A critical vulnerability has been identified in the Tenda AC15 router, specifically affecting version 15.03.05.19. This vulnerability is a stack-based buffer overflow that can be triggered remotely by manipulating the 'funcpara1' argument within the '/goform/setcfm' endpoint. Successful exploitation could lead to arbitrary code execution, potentially granting an attacker complete control over the device. The vulnerability was publicly disclosed on 2026-03-27, and a firmware update is necessary to address the issue.
The buffer overflow vulnerability in the Tenda AC15 router allows a remote attacker to potentially execute arbitrary code on the device. This could involve gaining full administrative access, modifying router configurations, intercepting network traffic, or launching further attacks against internal network resources. The ability to remotely trigger this vulnerability significantly increases the risk, as attackers do not need physical access to the router. Given the router's role as a gateway to a home or small business network, a successful exploit could have a wide-ranging impact, compromising sensitive data and disrupting network services. The public disclosure of this vulnerability increases the likelihood of exploitation attempts.
This vulnerability was publicly disclosed on 2026-03-27. The availability of a public description and the ease of exploitation (remote trigger) suggest a medium probability of exploitation. It is not currently listed on the CISA KEV catalog. Public proof-of-concept exploits are likely to emerge given the vulnerability's nature and public disclosure.
Exploit Status
EPSS
0.08% (24% percentile)
CISA SSVC
CVSS Vector
The primary mitigation for CVE-2026-4975 is to upgrade the Tenda AC15 router to a patched firmware version. Unfortunately, a fixed firmware version is not specified in the provided data. Until a patch is released, consider implementing temporary workarounds such as restricting access to the '/goform/setcfm' endpoint using a firewall or access control list (ACL). Monitor router logs for suspicious activity, particularly requests to the vulnerable endpoint. If possible, isolate the router from the internet to reduce the attack surface. After applying any mitigation steps, verify their effectiveness by attempting to trigger the vulnerability using a safe testing environment.
Update the Tenda AC15 router firmware to a version later than 15.03.05.19. If no update is available, consider replacing the device with one that has active support and security updates.
Vulnerability analysis and critical alerts directly to your inbox.
CVE-2026-4975 is a HIGH severity buffer overflow vulnerability affecting Tenda AC15 routers version 15.03.05.19. It allows remote attackers to potentially execute arbitrary code by manipulating the 'funcpara1' argument.
You are affected if you are using a Tenda AC15 router running version 15.03.05.19 and have not upgraded to a patched firmware version. Check your router's firmware version and upgrade if necessary.
The recommended fix is to upgrade to a patched firmware version. Check the Tenda website for available updates. Until a patch is released, consider temporary workarounds like firewall restrictions.
While active exploitation is not confirmed, the public disclosure of the vulnerability increases the likelihood of exploitation attempts. Monitor your router logs for suspicious activity.
Please refer to the Tenda website for official advisories and firmware updates related to CVE-2026-4975. Check their security notice section for updates.
Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.