Description
A vulnerability was determined in Tenda AC5 15.03.06.47. The affected element is the function decodePwd of the file /goform/WizardHandle of the component POST Request Handler. Executing a manipulation of the argument WANT/WANS can lead to stack-based buffer overflow. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized.
Published: 2026-03-27
Score: 8.7 High
EPSS: 2.6% Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The firmware version 15.03.06.47 of the Tenda AC5 router contains a function decodePwd in the /goform/WizardHandle handler that writes the WANT/WANS argument into a fixed‑size stack buffer without verifying its length. This unchecked write triggers a classic stack‑based buffer overflow, allowing an attacker who can send a malformed POST request to overwrite return addresses and gain arbitrary code execution on the device. The flaw is directly associated with numerous buffer‑overrun weaknesses (CWEs 119, 121, and 787). Based on the description, it is inferred that the overflow occurs when the router processes user‑supplied POST data without length checks.

Affected Systems

Affected are devices running Tenda AC5 routers with firmware revision 15.03.06.47. The vulnerable point is the /goform/WizardHandle endpoint handling HTTP POST requests. Only the specific firmware mentioned is documented as affected; no other builds are confirmed. Earlier firmware versions are not explicitly listed as vulnerable. Based on the supplied CPE data, it is inferred that only the AC5 hardware model with that firmware release is presently known to be at risk.

Risk and Exploitability

The CVSS score of 8.7 indicates high severity, and the EPSS probability of 3% suggests that exploitation is reasonably likely, especially after the vulnerability has been publicly disclosed. Attackers can perform the exploit over the network when the device's management interface is exposed. The flaw is not listed in CISA KEV, but the remote trigger and high impact warrant a prompt response. Based on the description, it is inferred that the attack vector involves sending a crafted POST request to the /goform/WizardHandle endpoint from a remote host, implying that network connectivity to the router’s management interface is required.

Generated by OpenCVE AI on June 24, 2026 at 12:38 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the router to the latest firmware version that contains a fix for the decodePwd buffer overflow; the update resolves the unchecked buffer handling that underlies CWEs 119, 121, and 787.
  • If a patched firmware is not yet available, limit exposure of the /goform/WizardHandle endpoint by permitting only trusted IP addresses to reach the management interface or by placing the router in a demilitarized zone with strict access controls, thereby mitigating the risk of a CWE-121 overflow.
  • As a temporary protective measure, configure local firewall or network ACLs to block or rate‑limit POST requests to /goform/WizardHandle, reducing the attack surface associated with the stack overflow identified by CWE-121.

Generated by OpenCVE AI on June 24, 2026 at 12:38 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 01 Apr 2026 02:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-787
CPEs cpe:2.3:h:tenda:ac5:1.0:*:*:*:*:*:*:*
cpe:2.3:o:tenda:ac5_firmware:15.03.06.47:*:*:*:*:*:*:*

Mon, 30 Mar 2026 12:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Fri, 27 Mar 2026 08:45:00 +0000

Type Values Removed Values Added
First Time appeared Tenda ac5
Vendors & Products Tenda ac5

Fri, 27 Mar 2026 04:00:00 +0000

Type Values Removed Values Added
Description A vulnerability was determined in Tenda AC5 15.03.06.47. The affected element is the function decodePwd of the file /goform/WizardHandle of the component POST Request Handler. Executing a manipulation of the argument WANT/WANS can lead to stack-based buffer overflow. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized.
Title Tenda AC5 POST Request WizardHandle decodePwd stack-based overflow
First Time appeared Tenda
Tenda ac5 Firmware
Weaknesses CWE-119
CWE-121
CPEs cpe:2.3:o:tenda:ac5_firmware:*:*:*:*:*:*:*:*
Vendors & Products Tenda
Tenda ac5 Firmware
References
Metrics cvssV2_0

{'score': 9, 'vector': 'AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR'}

cvssV3_0

{'score': 8.8, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}

cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}

cvssV4_0

{'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P'}


cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-03-30T11:56:56.348Z

Reserved: 2026-03-26T15:58:03.744Z

Link: CVE-2026-4906

cve-icon Vulnrichment

Updated: 2026-03-30T11:56:52.572Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-27T01:16:21.807

Modified: 2026-06-17T10:57:25.953

Link: CVE-2026-4906

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-24T12:45:04Z

Weaknesses
  • CWE-119

    Improper Restriction of Operations within the Bounds of a Memory Buffer

  • CWE-121

    Stack-based Buffer Overflow

  • CWE-787

    Out-of-bounds Write