{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2026-24103", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2026-03-05T16:25:56.029Z", "dateReserved": "2026-01-21T00:00:00.000Z", "datePublished": "2026-03-03T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-03-03T14:57:25.512Z"}, "descriptions": [{"lang": "en", "value": "A buffer overflow vulnerability was discovered in goform/formSetMacFilterCfg in Tenda AC15V1.0 V15.03.05.18_multi."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://www.tenda.com.cn/material/show/2710"}, {"url": "https://github.com/akuma-QAQ/CVEreport/tree/main/D-link/CVE-2026-24103"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-120", "lang": "en", "description": "CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')"}]}], "references": [{"url": "https://github.com/akuma-QAQ/CVEreport/tree/main/D-link/CVE-2026-24103", "tags": ["exploit"]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-03-05T16:24:56.777360Z", "id": "CVE-2026-24103", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-05T16:25:56.029Z"}}]}, "dataVersion": "5.2"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2026-24103", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-03-05T16:24:56.777360Z"}}}], "references": [{"url": "https://github.com/akuma-QAQ/CVEreport/tree/main/D-link/CVE-2026-24103", "tags": ["exploit"]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-120", "description": "CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-05T16:25:28.005Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://www.tenda.com.cn/material/show/2710"}, {"url": "https://github.com/akuma-QAQ/CVEreport/tree/main/D-link/CVE-2026-24103"}], "descriptions": [{"lang": "en", "value": "A buffer overflow vulnerability was discovered in goform/formSetMacFilterCfg in Tenda AC15V1.0 V15.03.05.18_multi."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-03-03T14:57:25.512Z"}}}, "cveMetadata": {"cveId": "CVE-2026-24103", "state": "PUBLISHED", "dateUpdated": "2026-03-05T16:25:56.029Z", "dateReserved": "2026-01-21T00:00:00.000Z", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2026-03-03T00:00:00.000Z", "assignerShortName": "mitre"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:tenda:ac15_firmware:15.03.05.18_multi:*:*:*:*:*:*:*", "matchCriteriaId": "C38A6B7F-A567-4C13-BA08-1010B3AC986C", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:tenda:ac15:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "D5059CAD-BD1A-4808-BCED-006444E60701", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A buffer overflow vulnerability was discovered in goform/formSetMacFilterCfg in Tenda AC15V1.0 V15.03.05.18_multi."}], "id": "CVE-2026-24103", "lastModified": "2026-03-05T21:43:07.170", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-03-03T15:16:18.787", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/akuma-QAQ/CVEreport/tree/main/D-link/CVE-2026-24103"}, {"source": "cve@mitre.org", "tags": ["Product"], "url": "https://www.tenda.com.cn/material/show/2710"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/akuma-QAQ/CVEreport/tree/main/D-link/CVE-2026-24103"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-120"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "15.03.05.18_multi"}}], "enrichment": {"confidence": 100.0, "confidence_source": "manual", "scores": [{"score": 100.0, "source": "manual"}]}, "original": {"product": "n/a", "source": "cna", "vendor": "n/a"}, "product": "ac15", "vendor": "tenda"}], "analysis": {"en": {"generated_at": "2026-04-16T14:13:59.920135+00:00", "value": {"mitigation_remediation": ["Update the router firmware to the latest version released by Tenda that addresses the buffer overflow issue.", "If an immediate firmware update is not possible, restrict access to the management interface to trusted IP addresses or VPN connections to reduce exposure to unauthenticated users.", "Implement network segmentation so that the router\u2019s administrative network is isolated from devices that could be compromised if the router is exploited.", "Monitor the router\u2019s logs for anomalous configuration requests or repeated failed packets that could indicate an attempted exploitation."], "summary": {"action": "Apply Patch", "impact": "Remote Code Execution"}, "threat_synthesis": {"affected_systems": "The vulnerability affects the Tenda AC15 router model, specifically firmware version 15.03.05.18_multi. System administrators managing devices listed under the hardware identifier ac15 v1.0 should verify that they are running this firmware or a newer patched release.", "description_and_impact": "A buffer overflow exists in the goform/formSetMacFilterCfg handler of the Tenda AC15 V15.03.05.18_multi firmware. This flaw allows an attacker who can send a specially crafted request to the router\u2019s configuration interface to overwrite memory on the device. If exploited, the attacker could gain arbitrary code execution, compromising the integrity and confidentiality of the router and potentially the devices connected to it.", "risk_and_exploitability": "The CVSS score of 9.8 indicates critical severity, while the EPSS score of less than 1% suggests low available exploitation probability at the time of analysis. The vulnerability is not listed in the CISA Known Exploited Vulnerabilities catalog, so no confirmed exploits are publicly known. Nonetheless, the attack vector is inferred to be remote via the router\u2019s HTTP management interface; an attacker could construct a request without authentication if the interface is exposed to the public network or accessed by an untrusted internal user. Given its high impact, the potential for remote code execution remains a top concern for any organization still running the affected firmware."}}}}, "created": "2026-03-04T21:04:33.353541+00:00", "title": "Buffer Overflow in Tenda AC15 Configuration API Enabling Potential Remote Code Execution", "updated": "2026-04-16T14:15:28.817382+00:00", "vendors": ["tenda", "tenda$PRODUCT$ac15"]}