A stack-based buffer overflow vulnerability exists in the Tenda AC7 router due to improper handling of the 'newVersion' argument in the /goform/setNotUpgrade function. This flaw can be exploited remotely, allowing attackers to potentially execute arbitrary code on the device. The issue has been publicly disclosed, raising significant security concerns for users of the affected firmware version 15.03.06.44. It is crucial for users to assess their systems and apply necessary patches to mitigate the risks associated with this vulnerability.
https://securityvulnerability.io/vulner ... 2025-11586