Sign-up

ID

VAR-202604-2450


CVE

CVE-2026-7470


TITLE

Shenzhen Tenda Technology Co.,Ltd. of 4g300  Multiple vulnerabilities in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2026-014287

DESCRIPTION

A flaw has been found in Tenda 4G300 US_4G300V1.0Mt_V1.01.42_CN_TDC01. Affected is the function sub_427C3C of the file /goform/SafeMacFilter. This manipulation of the argument page causes stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been published and may be used. Because it allows for remote attacks and exploits have been publicly exposed, it is at risk of being exploited.All information handled by the software may be leaked to the outside. All information handled by the software may be rewritten. Furthermore, the software may stop working completely. Furthermore, attacks that exploit this vulnerability will not affect other software

Trust: 1.62

sources: NVD: CVE-2026-7470 // JVNDB: JVNDB-2026-014287

AFFECTED PRODUCTS

vendor:tendamodel:4g300scope:eqversion:1.01.42_cn_tdc01

Trust: 1.0

vendor:tendamodel:4g300scope:eqversion: -

Trust: 0.8

vendor:tendamodel:4g300scope:eqversion:4g300 firmware 1.01.42_cn_tdc01

Trust: 0.8

vendor:tendamodel:4g300scope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2026-014287 // NVD: CVE-2026-7470

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com: CVE-2026-7470
value: HIGH

Trust: 1.0

OTHER: JVNDB-2026-014287
value: HIGH

Trust: 0.8

cna@vuldb.com: CVE-2026-7470
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

OTHER: JVNDB-2026-014287
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

cna@vuldb.com: CVE-2026-7470
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

OTHER: JVNDB-2026-014287
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2026-014287 // NVD: CVE-2026-7470

PROBLEMTYPE DATA

problemtype:CWE-121

Trust: 1.0

problemtype:CWE-119

Trust: 1.0

problemtype:Buffer error (CWE-119) [ others ]

Trust: 0.8

problemtype: Stack-based buffer overflow (CWE-121) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2026-014287 // NVD: CVE-2026-7470

PATCH

title:httpsurl:https://vuldb.com/submit/804269

Trust: 0.8

sources: JVNDB: JVNDB-2026-014287

EXTERNAL IDS

db:NVDid:CVE-2026-7470

Trust: 2.6

db:JVNDBid:JVNDB-2026-014287

Trust: 0.8

sources: JVNDB: JVNDB-2026-014287 // NVD: CVE-2026-7470

REFERENCES

url:https://www.tenda.com.cn/

Trust: 1.8

url:https://vuldb.com/vuln/360206

Trust: 1.0

url:https://vuldb.com/submit/804269

Trust: 1.0

url:https://github.com/axelioc/cve/blob/main/tenda/us_4g300/sub_427c3c/sub_427c3c.md

Trust: 1.0

url:https://vuldb.com/vuln/360206/cti

Trust: 1.0

url:https://nvd.nist.gov/vuln/detail/cve-2026-7470

Trust: 0.8

sources: JVNDB: JVNDB-2026-014287 // NVD: CVE-2026-7470

SOURCES

db:JVNDBid:JVNDB-2026-014287
db:NVDid:CVE-2026-7470

LAST UPDATE DATE

2026-06-19T23:06:48.442000+00:00


SOURCES UPDATE DATE

db:JVNDBid:JVNDB-2026-014287date:2026-05-07T03:27:00
db:NVDid:CVE-2026-7470date:2026-04-30T20:41:24.100

SOURCES RELEASE DATE

db:JVNDBid:JVNDB-2026-014287date:2026-05-07T00:00:00
db:NVDid:CVE-2026-7470date:2026-04-30T03:16:01.740