Description
A flaw has been found in Tenda AC5 15.03.06.47. This vulnerability affects the function formQuickIndex of the file /goform/QuickIndex of the component POST Request Handler. This manipulation of the argument PPPOEPassword causes stack-based buffer overflow. The attack may be initiated remotely. The exploit has been published and may be used.
Published: 2026-03-26
Score: 8.7 High
EPSS: < 1% Very Low
KEV: No
Impact: Remote Exploitation
Action: Immediate Patch
AI Analysis

Impact

Tenda AC5 routers exhibit a stack‑based buffer overflow in the formQuickIndex handler of the /goform/QuickIndex POST request. By sending a specially crafted PPPOEPassword value, an attacker can overflow the buffer. The CVE description notes that the flaw has an existing exploit and can be triggered remotely; the overflow may enable arbitrary code execution or compromise the router’s firmware, an inference drawn from the nature of stack overflows but not explicitly stated in the CVE data.

Affected Systems

The vulnerability affects Tenda AC5 units running firmware version 15.03.06.47 and potentially other AC5 releases indicated by the provided CPE entries. Devices that expose the QuickIndex POST handler to external traffic without authentication are susceptible; exact version coverage is known only for 15.03.06.47, while other builds may be impacted as well.

Risk and Exploitability

The CVSS score of 8.7 classifies this flaw as high severity, and the EPSS score of less than 1% suggests a currently low probability of exploitation. The vulnerability is not listed in the CISA KEV catalog. Because the exploit is publicly available and requires no special credentials, the impact to confidentiality and integrity of the router is significant, potentially allowing a remote attacker to gain control of the device.

Generated by OpenCVE AI on April 1, 2026 at 07:08 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the vendor’s firmware update that addresses the buffer overflow.
  • If a firmware update is not immediately available, block external access to the /goform/QuickIndex endpoint or disable the QuickIndex feature via the router’s configuration interface.
  • Add a network firewall rule to allow the router’s web interface only from known management IPs.
  • Monitor router logs for unexpected POST requests to /goform/QuickIndex and investigate anomalies.

Advisories

No advisories yet.

History

Wed, 01 Apr 2026 02:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-787
CPEs cpe:2.3:h:tenda:ac5:1.0:*:*:*:*:*:*:*
cpe:2.3:o:tenda:ac5_firmware:15.03.06.47:*:*:*:*:*:*:*

Fri, 27 Mar 2026 20:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Fri, 27 Mar 2026 08:45:00 +0000

Type Values Removed Values Added
First Time appeared Tenda ac5
Vendors & Products Tenda ac5

Fri, 27 Mar 2026 04:00:00 +0000

Type Values Removed Values Added
Description A flaw has been found in Tenda AC5 15.03.06.47. This vulnerability affects the function formQuickIndex of the file /goform/QuickIndex of the component POST Request Handler. This manipulation of the argument PPPOEPassword causes stack-based buffer overflow. The attack may be initiated remotely. The exploit has been published and may be used.
Title Tenda AC5 POST Request QuickIndex formQuickIndex memory corruption
First Time appeared Tenda
Tenda ac5 Firmware
Weaknesses CWE-119
CWE-121
CPEs cpe:2.3:o:tenda:ac5_firmware:*:*:*:*:*:*:*:*
Vendors & Products Tenda
Tenda ac5 Firmware
References
Metrics cvssV2_0

{'score': 9, 'vector': 'AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR'}

cvssV3_0

{'score': 8.8, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}

cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}

cvssV4_0

{'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P'}


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-03-27T20:00:27.001Z

Reserved: 2026-03-26T15:57:53.324Z

Link: CVE-2026-4903

Vulnrichment

Updated: 2026-03-27T14:10:57.096Z

NVD

Status : Analyzed

Published: 2026-03-26T23:16:21.307

Modified: 2026-03-31T21:08:06.830

Link: CVE-2026-4903

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-02T07:56:08Z

Weaknesses