{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-4567", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2026-03-22T08:34:10.518Z", "datePublished": "2026-03-23T01:30:13.416Z", "dateUpdated": "2026-03-23T11:49:07.827Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-03-23T01:30:13.416Z"}, "title": "Tenda A15 UploadCfg stack-based overflow", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-121", "lang": "en", "description": "Stack-based Buffer Overflow"}]}, {"descriptions": [{"type": "CWE", "cweId": "CWE-119", "lang": "en", "description": "Memory Corruption"}]}], "affected": [{"vendor": "Tenda", "product": "A15", "versions": [{"version": "15.13.07.13", "status": "affected"}], "cpes": ["cpe:2.3:o:tenda:a15_firmware:*:*:*:*:*:*:*:*"]}], "descriptions": [{"lang": "en", "value": "A vulnerability has been found in Tenda A15 15.13.07.13. The impacted element is the function UploadCfg of the file /cgi-bin/UploadCfg. The manipulation of the argument File leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 9.3, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P", "baseSeverity": "CRITICAL"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R", "baseSeverity": "CRITICAL"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R", "baseSeverity": "CRITICAL"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 10, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C/E:POC/RL:ND/RC:UR"}}], "timeline": [{"time": "2026-03-22T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2026-03-22T01:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2026-03-22T09:39:14.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "942384053 (VulDB User)", "type": "reporter"}], "references": [{"url": "https://vuldb.com/?id.352404", "name": "VDB-352404 | Tenda A15 UploadCfg stack-based overflow", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.352404", "name": "VDB-352404 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.775156", "name": "Submit #775156 | Tenda A15 V15.13.07.13 Stack-based Buffer Overflow", "tags": ["third-party-advisory"]}, {"url": "https://github.com/942384053/cve/issues/3", "tags": ["issue-tracking"]}, {"url": "https://github.com/user-attachments/files/25824036/Tenda.A15.V15.13.07.13.Unauthenticated.Stack-based.Buffer.Overflow.in._cgi-bin_UploadCfg.zip", "tags": ["exploit"]}, {"url": "https://www.tenda.com.cn/", "tags": ["product"]}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-23T11:48:37.816628Z", "id": "CVE-2026-4567", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-23T11:49:07.827Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-4567", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-03-23T11:48:37.816628Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-23T11:48:52.076Z"}}], "cna": {"title": "Tenda A15 UploadCfg stack-based overflow", "credits": [{"lang": "en", "type": "reporter", "value": "942384053 (VulDB User)"}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 9.3, "baseSeverity": "CRITICAL", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 10, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C/E:POC/RL:ND/RC:UR"}}], "affected": [{"cpes": ["cpe:2.3:o:tenda:a15_firmware:*:*:*:*:*:*:*:*"], "vendor": "Tenda", "product": "A15", "versions": [{"status": "affected", "version": "15.13.07.13"}]}], "timeline": [{"lang": "en", "time": "2026-03-22T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2026-03-22T01:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2026-03-22T09:39:14.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/?id.352404", "name": "VDB-352404 | Tenda A15 UploadCfg stack-based overflow", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.352404", "name": "VDB-352404 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.775156", "name": "Submit #775156 | Tenda A15 V15.13.07.13 Stack-based Buffer Overflow", "tags": ["third-party-advisory"]}, {"url": "https://github.com/942384053/cve/issues/3", "tags": ["issue-tracking"]}, {"url": "https://github.com/user-attachments/files/25824036/Tenda.A15.V15.13.07.13.Unauthenticated.Stack-based.Buffer.Overflow.in._cgi-bin_UploadCfg.zip", "tags": ["exploit"]}, {"url": "https://www.tenda.com.cn/", "tags": ["product"]}], "descriptions": [{"lang": "en", "value": "A vulnerability has been found in Tenda A15 15.13.07.13. The impacted element is the function UploadCfg of the file /cgi-bin/UploadCfg. The manipulation of the argument File leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-121", "description": "Stack-based Buffer Overflow"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-119", "description": "Memory Corruption"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-03-23T01:30:13.416Z"}}}, "cveMetadata": {"cveId": "CVE-2026-4567", "state": "PUBLISHED", "dateUpdated": "2026-03-23T11:49:07.827Z", "dateReserved": "2026-03-22T08:34:10.518Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2026-03-23T01:30:13.416Z", "assignerShortName": "VulDB"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:tenda:a15_firmware:15.13.07.13:*:*:*:*:*:*:*", "matchCriteriaId": "D91580C9-7B0F-4691-AE5D-F4D58B7DC58F", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:tenda:a15:-:*:*:*:*:*:*:*", "matchCriteriaId": "B98AF912-2349-4E1F-8213-8EB5B0BA83B6", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability has been found in Tenda A15 15.13.07.13. The impacted element is the function UploadCfg of the file /cgi-bin/UploadCfg. The manipulation of the argument File leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used."}, {"lang": "es", "value": "Una vulnerabilidad ha sido encontrada en Tenda A15 15.13.07.13. El elemento afectado es la funci\u00f3n UploadCfg del archivo /cgi-bin/UploadCfg. La manipulaci\u00f3n del argumento File conduce a desbordamiento de b\u00fafer basado en pila. El ataque puede ser iniciado remotamente. El exploit ha sido divulgado al p\u00fablico y puede ser usado."}], "id": "CVE-2026-4567", "lastModified": "2026-04-02T12:11:41.987", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "cna@vuldb.com", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 8.9, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "PROOF_OF_CONCEPT", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2026-03-23T03:16:00.387", "references": [{"source": "cna@vuldb.com", "tags": ["Issue Tracking"], "url": "https://github.com/942384053/cve/issues/3"}, {"source": "cna@vuldb.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/user-attachments/files/25824036/Tenda.A15.V15.13.07.13.Unauthenticated.Stack-based.Buffer.Overflow.in._cgi-bin_UploadCfg.zip"}, {"source": "cna@vuldb.com", "tags": ["Permissions Required", "VDB Entry"], "url": "https://vuldb.com/?ctiid.352404"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/?id.352404"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/?submit.775156"}, {"source": "cna@vuldb.com", "tags": ["Product"], "url": "https://www.tenda.com.cn/"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}, {"lang": "en", "value": "CWE-121"}], "source": "cna@vuldb.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "15.13.07.13"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "A15", "source": "cna", "vendor": "Tenda"}, "product": "a15", "vendor": "tenda"}], "analysis": {"en": {"generated_at": "2026-04-02T13:26:15.843951+00:00", "value": {"mitigation_remediation": ["Upgrade the router firmware to the latest version released by Tenda. If a newer firmware is not immediately available, avoid using the /cgi-bin/UploadCfg service by disabling or removing it from the firmware configuration. Keep the device isolated from untrusted networks and restrict management access only to trusted internal parties. Change the default administrator username and password to strong, unique credentials. Regularly monitor router logs for suspicious upload requests or abnormal POST traffic."], "summary": {"action": "Immediate Patch", "impact": "Remote Code Execution"}, "threat_synthesis": {"affected_systems": "The issue affects the Tenda A15 wireless router running firmware version 15.13.07.13. The Common Platform Enumeration identifies the hardware as tenda:a15 and the firmware as tenda:a15_firmware:15.13.07.13. No other versions are listed, so the risk is specific to this build.", "description_and_impact": "A vulnerability exists in the UploadCfg function of the Tenda A15 router firmware 15.13.07.13. The function improperly handles the File argument, leading to a stack-based buffer overflow that can be triggered remotely. This flaw corresponds to CWE-119 and CWE-121 and can allow an attacker to execute arbitrary code on the device, potentially taking full control of the router. The description confirms the overflow is exploitable from outside the local network and that an exploit has already been disclosed to the public.", "risk_and_exploitability": "The CVSS score of 9.3 places this flaw in the Critical severity range. While the EPSS indicates a low probability of exploitation (less than 1%), the vulnerability is publicly disclosed and can be harnessed from remote clients. It is not present in the CISA Known Exploited Vulnerabilities catalog. Because the flaw resides in a remote-accessible CGI interface, a threat actor with external network reach could launch the attack without requiring prior login credentials. The high severity and publicly available exploit code mean a rapid response is warranted. "}}}}, "created": "2026-03-23T09:45:41.556267+00:00", "updated": "2026-04-02T20:23:13.618370+00:00", "vendors": ["tenda", "tenda$PRODUCT$a15"]}