Impact
Firmware version 15.03.06.47 of the Tenda AC5 router contains a function, decodePwd, in the /goform/WizardHandle handler that writes the WANT/WANS argument into a fixed-size stack buffer without verifying its length. This unchecked write is a classic stack-based buffer overflow: an attacker who can send a malformed POST request can overwrite return addresses and gain arbitrary code execution on the device. The flaw maps to the buffer-overrun weakness classes CWE-119, CWE-121, and CWE-787. Based on the description, it is inferred that the overflow occurs when the router processes user-supplied POST data without length checks.
Affected Systems
Affected devices are Tenda AC5 routers running firmware revision 15.03.06.47. The vulnerable point is the /goform/WizardHandle endpoint, which handles HTTP POST requests. Only this specific firmware is documented as affected; no other builds are confirmed, and earlier firmware versions are not explicitly listed as vulnerable. Based on the supplied CPE data, it is inferred that only the AC5 hardware model with that firmware release is presently known to be at risk.
Risk and Exploitability
The CVSS score of 8.7 indicates high severity, and the EPSS probability of 3% suggests that exploitation is reasonably likely, especially after the vulnerability has been publicly disclosed. Attackers can exploit the flaw over the network when the device's management interface is exposed. The flaw is not listed in CISA KEV, but the remote trigger and high impact warrant a prompt response. Based on the description, it is inferred that the attack vector is a crafted POST request sent to the /goform/WizardHandle endpoint from a remote host, which means network connectivity to the router’s management interface is required.
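For defenders who capture or proxy traffic to the management interface, the following added example (not part of the advisory or of any vendor code) flags POST requests to /goform/WizardHandle whose WANT or WANS value is unusually long. The 64-byte threshold, the function name and the sample requests are assumptions made for illustration; the advisory does not state the buffer size.

```python
from urllib.parse import parse_qs, urlsplit

ENDPOINT = "/goform/WizardHandle"  # handler named in the advisory
FIELDS = ("WANT", "WANS")          # arguments named in the advisory
MAX_FIELD_BYTES = 64               # ASSUMPTION: buffer size is not given on the page


def oversized_fields(raw_request: bytes, limit: int = MAX_FIELD_BYTES) -> dict:
    """Return {field: decoded_length} for WANT/WANS values longer than limit.

    Requests that are not POSTs to the endpoint yield an empty dict.
    """
    head, _, body = raw_request.partition(b"\r\n\r\n")
    parts = head.split(b"\r\n", 1)[0].decode("latin-1").split()
    if len(parts) < 2 or parts[0].upper() != "POST":
        return {}
    if urlsplit(parts[1]).path != ENDPOINT:
        return {}
    # Measure after percent-decoding, so "%41" counts as one byte. latin-1
    # maps every byte to exactly one character, so len() is a byte count.
    params = parse_qs(body.decode("latin-1"), keep_blank_values=True,
                      encoding="latin-1")
    hits = {}
    for name in FIELDS:
        # A parameter may be repeated; report the longest occurrence.
        longest = max((len(v) for v in params.get(name, [])), default=0)
        if longest > limit:
            hits[name] = longest
    return hits


# Constructed sample requests (not captured traffic).
BENIGN = (b"POST /goform/WizardHandle HTTP/1.1\r\nHost: 192.0.2.1\r\n"
          b"Content-Type: application/x-www-form-urlencoded\r\n\r\n"
          b"WANT=2&WANS=1")
SUSPECT = (b"POST /goform/WizardHandle HTTP/1.1\r\nHost: 192.0.2.1\r\n"
           b"Content-Type: application/x-www-form-urlencoded\r\n\r\n"
           b"WANT=2&WANS=" + b"%41" * 300)
OTHER = b"GET /index.html HTTP/1.1\r\nHost: 192.0.2.1\r\n\r\n"

if __name__ == "__main__":
    for label, req in (("benign", BENIGN), ("suspect", SUSPECT), ("other", OTHER)):
        print(label, oversized_fields(req))
```

Tune the limit to the longest value the legitimate setup wizard sends in your environment before alerting on it.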
OpenCVE Enrichment