Description
A flaw has been found in Tenda AC5 15.03.06.47. This vulnerability affects the function formQuickIndex of the file /goform/QuickIndex of the component POST Request Handler. This manipulation of the argument PPPOEPassword causes stack-based buffer overflow. The attack may be initiated remotely. The exploit has been published and may be used.
Published: 2026-03-26
Score: 8.7 High
EPSS: 5.5% Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The flaw is a stack-based buffer overflow in the QuickIndex form handler of the Tenda AC5 firmware. An attacker can trigger the overflow by sending a POST request to /goform/QuickIndex with an unusually long PPPOEPassword argument. The vulnerability is classified under CWE‑119, CWE‑121, and CWE‑787. The overflow can overwrite stack data, which may allow control‑flow hijacking or arbitrary code execution. However, the available information does not confirm that code execution is definitely possible; the impact described is a potential consequence based on the type of overflow.

Affected Systems

Tenda AC5 routers running firmware version 15.03.06.47 are confirmed to be affected. The firmware CPE list also indicates a generic ac5_firmware entry, suggesting that other firmware releases containing the same formQuickIndex implementation could be vulnerable, though no further versions are explicitly listed.

Risk and Exploitability

The CVSS score of 8.7 classifies this as a high‑severity vulnerability. The EPSS score of 5% indicates a moderate probability of exploitation. The vulnerability is not listed in the CISA KEV catalog. The exploit is publicly available and requires no authentication, implying that a remote attacker could potentially compromise the device if exploitation is feasible. The likely attack vector is remote via the web interface and is inferred from the description of the POST request handler.

Generated by OpenCVE AI on June 24, 2026 at 13:24 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the vendor’s firmware update that resolves the buffer overflow.
  • If a firmware update is not yet available, disable or block access to the /goform/QuickIndex endpoint through the router’s configuration or by using firewall rules to restrict POST traffic to that URL.
  • Restrict POST traffic to the /goform/QuickIndex endpoint to known management IPs and monitor for anomalous requests to detect attempted exploitation.

Generated by OpenCVE AI on June 24, 2026 at 13:24 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 01 Apr 2026 02:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-787
CPEs cpe:2.3:h:tenda:ac5:1.0:*:*:*:*:*:*:*
cpe:2.3:o:tenda:ac5_firmware:15.03.06.47:*:*:*:*:*:*:*

Fri, 27 Mar 2026 20:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Fri, 27 Mar 2026 08:45:00 +0000

Type Values Removed Values Added
First Time appeared Tenda ac5
Vendors & Products Tenda ac5

Fri, 27 Mar 2026 04:00:00 +0000

Type Values Removed Values Added
Description A flaw has been found in Tenda AC5 15.03.06.47. This vulnerability affects the function formQuickIndex of the file /goform/QuickIndex of the component POST Request Handler. This manipulation of the argument PPPOEPassword causes stack-based buffer overflow. The attack may be initiated remotely. The exploit has been published and may be used.
Title Tenda AC5 POST Request QuickIndex formQuickIndex memory corruption
First Time appeared Tenda
Tenda ac5 Firmware
Weaknesses CWE-119
CWE-121
CPEs cpe:2.3:o:tenda:ac5_firmware:*:*:*:*:*:*:*:*
Vendors & Products Tenda
Tenda ac5 Firmware
References
Metrics cvssV2_0

{'score': 9, 'vector': 'AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR'}

cvssV3_0

{'score': 8.8, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}

cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}

cvssV4_0

{'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P'}


cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-03-27T20:00:27.001Z

Reserved: 2026-03-26T15:57:53.324Z

Link: CVE-2026-4903

cve-icon Vulnrichment

Updated: 2026-03-27T14:10:57.096Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-26T23:16:21.307

Modified: 2026-06-17T10:57:25.563

Link: CVE-2026-4903

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-24T13:30:06Z

Weaknesses
  • CWE-119

    Improper Restriction of Operations within the Bounds of a Memory Buffer

  • CWE-121

    Stack-based Buffer Overflow

  • CWE-787

    Out-of-bounds Write