CVE-2026-4567
Published: 23 March 2026
Description
A vulnerability has been found in Tenda A15 15.13.07.13. The impacted element is the function UploadCfg of the file /cgi-bin/UploadCfg. The manipulation of the argument File leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Mitigating Controls (NIST 800-53 r5)
Directly addresses the stack-based buffer overflow by requiring validation of the File argument in the UploadCfg function to prevent improper memory operations.
Implements memory safeguards like stack canaries or DEP to protect against exploitation of the buffer overflow for arbitrary code execution.
Requires timely identification and patching of the specific buffer overflow flaw in the Tenda A15 firmware to eliminate the vulnerability.
Security Summary
CVE-2026-4567 is a stack-based buffer overflow vulnerability affecting the Tenda A15 router on firmware version 15.13.07.13. The issue resides in the UploadCfg function of the /cgi-bin/UploadCfg file, where manipulation of the File argument triggers the overflow. Published on 2026-03-23, it is associated with CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer) and CWE-121 (Stack-based Buffer Overflow).
The vulnerability enables remote exploitation without authentication, as indicated by its CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Attackers require only network access and can initiate the attack with low complexity, achieving high impacts on confidentiality, integrity, and availability. Successful exploitation may allow arbitrary code execution, potentially leading to full router compromise.
Advisories and exploit details are documented in references including a GitHub issue at https://github.com/942384053/cve/issues/3, a ZIP file containing an unauthenticated stack-based buffer overflow exploit at https://github.com/user-attachments/files/25824036/Tenda.A15.V15.13.07.13.Unauthenticated.Stack-based.Buffer.Overflow.in._cgi-bin_UploadCfg.zip, and VulDB entries at https://vuldb.com/?ctiid.352404, https://vuldb.com/?id.352404, and https://vuldb.com/?submit.775156. The public disclosure of the exploit heightens the risk of active exploitation.
Details
- CWE(s)
Affected Products
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability is a stack-based buffer overflow in a public-facing web CGI endpoint (/cgi-bin/UploadCfg) on a router, enabling unauthenticated remote code execution, directly mapping to exploitation of public-facing applications.