CVE-2026-7470: Tenda 4G300 Router Vulnerable to Remote Stack Overflow
The National Vulnerability Database has disclosed CVE-2026-7470, a high-severity stack-based buffer overflow affecting the Tenda 4G300 US_4G300V1.0Mt_V1.01.42_CN_TDC01 router. Specifically, a flaw exists in the sub_427C3C function within the /goform/SafeMacFilter file. Manipulating the page argument can trigger the overflow, leading to remote exploitation.
With a CVSSv3.1 score of 8.8 (High), this vulnerability presents a significant risk. The attack vector is network-based, requires low privileges, and does not need user interaction. Its impact is high on confidentiality, integrity, and availability, meaning an attacker could achieve remote code execution and full control over the device. The National Vulnerability Database also notes that an exploit has been published, escalating the urgency for remediation.
This is a critical issue for any organization or individual still relying on the affected Tenda 4G300 router. The existence of a public exploit dramatically lowers the bar for attackers, making these devices prime targets for initial access, network compromise, or use in botnets. Defenders must assume active exploitation is imminent or already underway.
What This Means For You
- If your organization or any remote sites use the Tenda 4G300 US_4G300V1.0Mt_V1.01.42_CN_TDC01 router, immediately assess its exposure. Given the public exploit and high CVSS score, these devices are high-value targets. Prioritize isolating or replacing affected routers; a patch is unlikely for such an older device. Assume compromise if you cannot confirm isolation.
Related ATT&CK Techniques
🛡️ Detection Rules
5 rules · 6 SIEM formats5 detection rules auto-generated for this incident, mapped to MITRE ATT&CK. Sigma YAML is free — export to any SIEM format via the Intel Bot.
Web Application Exploitation Attempt — CVE-2026-7470
title: Web Application Exploitation Attempt — CVE-2026-7470
id: scw-2026-04-30-1
status: experimental
level: high
description: |
Detects common exploitation patterns targeting web applications. Review CVE-2026-7470 advisories for specific indicators.
author: SCW Feed Engine (auto-generated)
date: 2026-04-30
references:
- https://shimiscyberworld.com/posts/nvd-CVE-2026-7470/
tags:
- attack.initial_access
- attack.t1190
logsource:
category: webserver
detection:
selection:
cs-uri-query|contains:
- '..'
- 'SELECT'
- 'UNION'
- '<script'
- 'cmd='
- '/etc/passwd'
condition: selection
falsepositives:
- Legitimate activity from CVE-2026-7470
Source: Shimi's Cyber World · License & reuse
Indicators of Compromise
| ID | Type | Indicator |
|---|---|---|
| CVE-2026-7470 | Buffer Overflow | Tenda 4G300 US_4G300V1.0Mt_V1.01.42_CN_TDC01 |
| CVE-2026-7470 | Buffer Overflow | Vulnerable function: sub_427C3C in /goform/SafeMacFilter |
| CVE-2026-7470 | Buffer Overflow | Vulnerable argument: page |
Written by SCW Vulnerability Desk
Source & Attribution
| Source Platform | NVD |
| Channel | National Vulnerability Database |
| Published | April 30, 2026 at 06:16 UTC |
This content was AI-rewritten and enriched by Shimi's Cyber World based on the original source. All intellectual property rights remain with the original author.
Believe this infringes your rights? Submit a takedown request.
Related coverage
CVE-2026-7469 — Tenda 4G300 US_4G300V1.0Mt_V1.01.42_CN_TDC01 Command Injection
CVE-2026-7469 — A vulnerability was detected in Tenda 4G300 US_4G300V1.0Mt_V1.01.42_CN_TDC01. This impacts the function sub_425A28 of the file /goform/DelFil. The manipulation of the argument delflag...
CVE-2026-7468: Improper Access Control Flaw in 1024-lab smart-admin
CVE-2026-7468 — A security vulnerability has been detected in 1024-lab smart-admin up to 3.30.0. This affects an unknown function of the file /smart-admin-api/druid/index.html of the...
CVE-2026-7447 — SourceCodester Pet Grooming Management Software SQL Injection
CVE-2026-7447 — A flaw has been found in SourceCodester Pet Grooming Management Software 1.0. This vulnerability affects unknown code of the file /admin/update_customer.php. This manipulation...