CVE-2026-4974 | Tenda AC7 15.03.06.44 POST Request /goform/SetSysTimeCfg fromSetSysTime stack-based overflow

Inserito da Angelo Barbosa | Mar 27, 2026 | CVE

A vulnerability labeled as critical has been found in Tenda AC7 15.03.06.44. Affected by this issue is the function fromSetSysTime of the file /goform/SetSysTimeCfg of the component POST Request Handler. Executing a manipulation of the argument Time can lead to stack-based buffer overflow.

This vulnerability is registered as CVE-2026-4974. It is possible to launch the attack remotely. Furthermore, an exploit is available.

CVE-2026-4974 | Tenda AC7 15.03.06.44 POST Request /goform/SetSysTimeCfg fromSetSysTime stack-based overflow

Post correlati

CVE-2024-3640 | Rockwell Automation Factory Talk Remote Access up to 13.5.0.174 FTRA Installer Package unquoted search path (icsa-24-135-01)

CVE-2025-10042 | Quiz Maker Plugin up to 6.7.0.56 on WordPress Header X-Forwarded-For sql injection

CVE-2023-28807 | Zscaler ZIA prior 6.2r.290 SNI certificate validation

CVE-2025-33133 | IBM DB2 High Performance Unload up to 6.5.0.0 IF1 out-of-bounds write