{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/tags/cve-2026-4975/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["critical"],"_cs_tags":["tenda","router","buffer overflow","cve-2026-4975"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eCVE-2026-4975 is a critical security vulnerability affecting Tenda AC15 routers running firmware version 15.03.05.19. This vulnerability resides in the \u003ccode\u003eformSetCfm\u003c/code\u003e function, specifically within the \u003ccode\u003e/goform/setcfm\u003c/code\u003e file, which handles POST requests. An attacker can exploit a stack-based buffer overflow by sending a crafted POST request with a malicious payload in the \u003ccode\u003efuncpara1\u003c/code\u003e argument. The vulnerability is remotely exploitable, meaning an attacker does not need local access to the device…\u003c/p\u003e\n","date_modified":"2026-03-28T12:00:00Z","date_published":"2026-03-28T12:00:00Z","id":"/briefs/2026-03-tenda-ac15-bo/","summary":"A stack-based buffer overflow vulnerability (CVE-2026-4975) exists in the Tenda AC15 router version 15.03.05.19, allowing remote attackers to execute arbitrary code by manipulating the 'funcpara1' argument in a POST request to /goform/setcfm.","title":"Tenda AC15 Stack-Based Buffer Overflow Vulnerability (CVE-2026-4975)","url":"https://feed.craftedsignal.io/briefs/2026-03-tenda-ac15-bo/"}],"language":"en","title":"CraftedSignal Threat Feed — Cve-2026-4975","version":"https://jsonfeed.org/version/1.1"}