Description
A vulnerability was found in Tenda AC5 15.03.06.47. Impacted is the function formWifiWpsOOB of the file /goform/WifiWpsOOB of the component POST Request Handler. Performing a manipulation of the argument index results in stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been made public and could be used.
Published: 2026-03-26
Score: 8.7 High
EPSS: < 1% Very Low
KEV: No
Impact: Remote Code Execution
Action: Immediate Patch
AI Analysis

Impact

A stack‑based buffer overflow exists in the Tenda AC5 router firmware 15.03.06.47. The flaw is triggered by manipulating the index argument within the formWifiWpsOOB function that processes POST requests to the /goform/WifiWpsOOB endpoint. The overflow corrupts the stack and allows an attacker to execute arbitrary code, potentially giving full control over the device. The weakness is classified as a stack buffer overflow (CWE‑119) and stack corruption (CWE‑121).

Affected Systems

The affected device is the Tenda AC5 router running firmware version 15.03.06.47. Earlier or identical builds that have not applied the fix are likely vulnerable as well. No other vendors or products are listed as impacted.

Risk and Exploitability

The CVSS base score of 8.7 indicates a high severity vulnerability. While EPSS data is not available, a publicly available exploit demonstrates that the flaw can be practically exploited. The most probable attack vector is a crafted HTTP POST request to /goform/WifiWpsOOB sent from an external network. Successful exploitation results in arbitrary code execution on the router, compromising confidentiality, integrity, and availability of all devices behind the router. The vulnerability is not listed in the CISA KEV catalog, but its public exploitation makes it a significant immediate threat.

Generated by OpenCVE AI on March 27, 2026 at 07:06 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest Tenda AC5 firmware that includes the overflow fix
  • Verify the firmware version to confirm the update was applied
  • Disable the WPS functionality if it is not required to reduce the attack surface
  • Restrict access to the router’s management interface and the /goform/WifiWpsOOB endpoint to trusted IP ranges
  • Monitor device logs for suspicious POST requests to /goform/WifiWpsOOB

Generated by OpenCVE AI on March 27, 2026 at 07:06 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 27 Mar 2026 12:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Fri, 27 Mar 2026 08:45:00 +0000

Type Values Removed Values Added
First Time appeared Tenda ac5
Vendors & Products Tenda ac5

Fri, 27 Mar 2026 04:00:00 +0000

Type Values Removed Values Added
Description A vulnerability was found in Tenda AC5 15.03.06.47. Impacted is the function formWifiWpsOOB of the file /goform/WifiWpsOOB of the component POST Request Handler. Performing a manipulation of the argument index results in stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been made public and could be used.
Title Tenda AC5 POST Request WifiWpsOOB formWifiWpsOOB stack-based overflow
First Time appeared Tenda
Tenda ac5 Firmware
Weaknesses CWE-119
CWE-121
CPEs cpe:2.3:o:tenda:ac5_firmware:*:*:*:*:*:*:*:*
Vendors & Products Tenda
Tenda ac5 Firmware
References
Metrics cvssV2_0

{'score': 9, 'vector': 'AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR'}

cvssV3_0

{'score': 8.8, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}

cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}

cvssV4_0

{'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P'}

Subscriptions

Tenda Ac5 Ac5 Firmware
cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-03-27T11:27:29.101Z

Reserved: 2026-03-26T15:58:00.899Z

Link: CVE-2026-4905

cve-icon Vulnrichment

Updated: 2026-03-27T11:26:41.628Z

cve-icon NVD

Status : Received

Published: 2026-03-27T00:16:24.393

Modified: 2026-03-27T00:16:24.393

Link: CVE-2026-4905

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-27T09:22:49Z

Weaknesses