Description
A vulnerability was determined in Tenda AC5 15.03.06.47. The affected element is the function decodePwd of the file /goform/WizardHandle of the component POST Request Handler. Executing a manipulation of the argument WANT/WANS can lead to stack-based buffer overflow. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized.
Published: 2026-03-27
Score: 8.7 High
EPSS: < 1% Very Low
KEV: No
Impact: Remote Code Execution
Action: Immediate Patch
AI Analysis

Impact

A stack-based buffer overflow has been found in the decodePwd function of the /goform/WizardHandle POST request handler on Tenda AC5 routers. The flaw is triggered by manipulating the WANT/WANS parameter and can be invoked by a remote attacker. If successfully exploited, the overflow could corrupt stack data and lead to arbitrary code execution or other destructive actions on the device.

Affected Systems

The vulnerability affects Tenda AC5 routers running firmware version 15.03.06.47. The flaw resides in the ac5_firmware component, meaning all units with this firmware are at risk until a patch that removes the stack‑overflow in decodePwd is deployed.

Risk and Exploitability

The CVSS score of 8.7 categorizes the issue as high severity. EPSS information is not available, and the flaw is not listed in the CISA KEV catalog, yet it has been publicly disclosed and the description confirms that remote exploitation is possible. While no specific exploit code is published, a determined attacker could achieve remote code execution by triggering the buffer overflow.

Generated by OpenCVE AI on March 27, 2026 at 06:36 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the router to the latest firmware version that patches the decodePwd stack overflow in the /goform/WizardHandle handler.
  • If a patch is unavailable, contact Tenda support for further guidance or an interim fix.
  • Block or disable the /goform/WizardHandle POST endpoint to prevent the vulnerable request from being processed.
  • Monitor the device for abnormal traffic or signs of exploitation until a patch can be applied.

Advisories

No advisories yet.

History

Fri, 27 Mar 2026 08:45:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Tenda ac5
Vendors & Products | | Tenda ac5

Fri, 27 Mar 2026 04:00:00 +0000

Type | Values Removed | Values Added
Description | | A vulnerability was determined in Tenda AC5 15.03.06.47. The affected element is the function decodePwd of the file /goform/WizardHandle of the component POST Request Handler. Executing a manipulation of the argument WANT/WANS can lead to stack-based buffer overflow. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized.
Title | | Tenda AC5 POST Request WizardHandle decodePwd stack-based overflow
First Time appeared | | Tenda; Tenda ac5 Firmware
Weaknesses | | CWE-119; CWE-121
CPEs | | cpe:2.3:o:tenda:ac5_firmware:*:*:*:*:*:*:*:*
Vendors & Products | | Tenda; Tenda ac5 Firmware
References | |
Metrics | | cvssV2_0: {'score': 9, 'vector': 'AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR'}
 | | cvssV3_0: {'score': 8.8, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}
 | | cvssV3_1: {'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}
 | | cvssV4_0: {'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P'}

MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-03-27T00:53:09.317Z

Reserved: 2026-03-26T15:58:03.744Z

Link: CVE-2026-4906

Vulnrichment

No data.

NVD

Status: Received

Published: 2026-03-27T01:16:21.807

Modified: 2026-03-27T01:16:21.807

Link: CVE-2026-4906

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-27T09:22:24Z

Weaknesses