Description
A vulnerability was determined in Tenda AC5 15.03.06.47. The affected element is the function decodePwd of the file /goform/WizardHandle of the component POST Request Handler. Executing a manipulation of the argument WANT/WANS can lead to stack-based buffer overflow. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized.
Published: 2026-03-27
Score: 8.7 High
EPSS: < 1% Very Low
KEV: No
Impact: Remote code execution via stack-based buffer overflow
Action: Immediate Patch
AI Analysis

Impact

Tenda AC5 firmware version 15.03.06.47 contains a stack-based buffer overflow in the decodePwd function, reached through the /goform/WizardHandle POST request handler. An attacker who can submit a crafted POST request with an oversized WANT/WANS argument overflows a fixed-size stack buffer, corrupting adjacent stack data and potentially gaining arbitrary code execution on the device. The recorded weaknesses are CWE-119 (improper restriction of operations within the bounds of a memory buffer), CWE-121 (stack-based buffer overflow) and CWE-787 (out-of-bounds write).
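The page gives no source for decodePwd, so the following is an added illustration of the bug class (CWE-121) rather than Tenda's code: a hypothetical form-body lookup feeds a WANT/WANS value into a fixed 32-byte stack buffer without a length check, next to the bounded version that rejects oversized input. The parser, the buffer size, the function names and the request bodies are all assumptions constructed for this example; the meaning of the WANT and WANS fields is not stated on the page.

```c
/*
 * Added illustration of the CWE-121 pattern described for CVE-2026-4906.
 * This is NOT Tenda's code: the page gives no source for decodePwd, so the
 * parser, buffer size and function names below are assumptions chosen to
 * show the bug class and one correct fix.
 */
#include <stdio.h>
#include <string.h>

#define PWD_BUF_LEN 32   /* assumed size of the on-stack destination */

/* Minimal x-www-form-urlencoded lookup: find "key=" at a segment start,
 * return a pointer to the value and its length (up to the next '&' or the
 * end of the body). No percent-decoding; just enough to feed the handlers. */
static const char *form_get(const char *body, const char *key, size_t *len)
{
    size_t klen = strlen(key);
    const char *p = body;
    while (p && *p) {
        if (strncmp(p, key, klen) == 0 && p[klen] == '=') {
            const char *v = p + klen + 1;
            const char *end = strchr(v, '&');
            *len = end ? (size_t)(end - v) : strlen(v);
            return v;
        }
        p = strchr(p, '&');
        if (p) p++;
    }
    *len = 0;
    return NULL;
}

/* Vulnerable shape: attacker-controlled length, fixed stack buffer, no
 * bound. A value longer than PWD_BUF_LEN-1 bytes overwrites whatever sits
 * above buf on the stack (saved registers, return address). Kept only as
 * the "before" picture; never call it with untrusted or oversized input. */
static int decode_pwd_vulnerable(const char *body, const char *key)
{
    char buf[PWD_BUF_LEN];
    size_t vlen;
    const char *v = form_get(body, key, &vlen);
    if (!v) return -1;
    memcpy(buf, v, vlen);          /* CWE-121: vlen is never checked */
    buf[vlen] = '\0';
    return (int)strlen(buf);
}

/* Hardened shape: compare the length against the destination before
 * copying and fail closed. Returns the copied length, or -1 when the value
 * is missing or would not fit (including its terminator). */
static int decode_pwd_safe(const char *body, const char *key,
                           char *out, size_t outlen)
{
    size_t vlen;
    const char *v = form_get(body, key, &vlen);
    if (!v) return -1;
    if (vlen >= outlen) return -1;   /* reject rather than truncate silently */
    memcpy(out, v, vlen);
    out[vlen] = '\0';
    return (int)vlen;
}

/* Wrapper with the assumed stack buffer, mirroring the handler's shape. */
static int handle_wizard_safe(const char *body, const char *key)
{
    char buf[PWD_BUF_LEN];
    return decode_pwd_safe(body, key, buf, sizeof buf);
}

/* Constructed request body for the example, not captured traffic. */
static const char *BENIGN_BODY = "WANT=pppoe&WANS=secret123&WANPPPUSER=user";

int main(void)
{
    /* Build an oversized WANT value (255 'A's) the way an attacker would. */
    char big[PWD_BUF_LEN * 8];
    char body[sizeof big + 16];
    memset(big, 'A', sizeof big - 1);
    big[sizeof big - 1] = '\0';
    snprintf(body, sizeof body, "WANT=%s", big);

    printf("benign WANS -> %d\n", handle_wizard_safe(BENIGN_BODY, "WANS"));
    printf("oversized WANT -> %d\n", handle_wizard_safe(body, "WANT"));
    return 0;
}
```

Compile with `cc -Wall example.c` and run: the hardened handler returns the copied length for a short value and -1 for the 255-byte one. The vulnerable function is kept only for contrast and must not be given the oversized body, because the unchecked memcpy is exactly the stack overwrite the advisory describes.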

Affected Systems

The flaw affects Tenda AC5 routers running firmware 15.03.06.47, the only version listed in the CPE data. The vulnerable endpoint is /goform/WizardHandle, which processes HTTP POST requests from authenticated management clients. Whether other firmware builds share the flaw is not stated; treat AC5 units on other versions as unverified rather than confirmed safe until the vendor says otherwise.

Risk and Exploitability

The CVSS v4.0 score of 8.7 indicates high severity, while the EPSS score below 1% indicates a low probability of exploitation in the wild. A public proof of concept exists (E:P in the CVSS vectors, SSVC Exploitation: poc), so the effort required once an attacker can reach the interface is low. Every recorded vector carries PR:L (Au:S in CVSS v2): the attacker must authenticate to the router's web management interface before sending the crafted POST request, so practical exposure depends on how well the admin credentials and the management interface are protected. SSVC rates the flaw as not automatable with total technical impact. The vulnerability is not on the CISA KEV list, but a remotely triggered stack overflow with a public exploit should be treated as a priority on any device whose management interface is reachable by untrusted parties.

Generated by OpenCVE AI on April 1, 2026 at 06:45 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Check Tenda’s official website or support portal for the latest firmware release that fixes the stack‑based overflow vulnerability.
  • Update the device to the patched firmware as soon as it becomes available.
  • If no patch is available, reduce the reachable attack surface: disable remote (WAN-side) management so the web interface, including /goform/WizardHandle, is reachable only from the LAN, and where the network design allows, limit LAN access to the management interface to an administrative host or VLAN.
  • Ensure that all management interfaces are protected with strong authentication and, if possible, restrict administrative access to trusted IP ranges.

Generated by OpenCVE AI on April 1, 2026 at 06:45 UTC.


Advisories

No advisories yet.

History

Wed, 01 Apr 2026 02:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-787
CPEs cpe:2.3:h:tenda:ac5:1.0:*:*:*:*:*:*:*
cpe:2.3:o:tenda:ac5_firmware:15.03.06.47:*:*:*:*:*:*:*

Mon, 30 Mar 2026 12:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Fri, 27 Mar 2026 08:45:00 +0000

Type Values Removed Values Added
First Time appeared Tenda ac5
Vendors & Products Tenda ac5

Fri, 27 Mar 2026 04:00:00 +0000

Type Values Removed Values Added
Description A vulnerability was determined in Tenda AC5 15.03.06.47. The affected element is the function decodePwd of the file /goform/WizardHandle of the component POST Request Handler. Executing a manipulation of the argument WANT/WANS can lead to stack-based buffer overflow. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized.
Title Tenda AC5 POST Request WizardHandle decodePwd stack-based overflow
First Time appeared Tenda
Tenda ac5 Firmware
Weaknesses CWE-119
CWE-121
CPEs cpe:2.3:o:tenda:ac5_firmware:*:*:*:*:*:*:*:*
Vendors & Products Tenda
Tenda ac5 Firmware
References
Metrics cvssV2_0

{'score': 9, 'vector': 'AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR'}

cvssV3_0

{'score': 8.8, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}

cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}

cvssV4_0

{'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P'}


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-03-30T11:56:56.348Z

Reserved: 2026-03-26T15:58:03.744Z

Link: CVE-2026-4906

Vulnrichment

Updated: 2026-03-30T11:56:52.572Z

NVD

Status : Analyzed

Published: 2026-03-27T01:16:21.807

Modified: 2026-03-31T20:58:38.367

Link: CVE-2026-4906

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-02T07:55:46Z

Weaknesses