Description
A vulnerability was identified in Tenda AC6 15.03.05.16. Affected by this vulnerability is the function formQuickIndex of the file /goform/QuickIndex of the component POST Request Handler. The manipulation of the argument PPPOEPassword leads to stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit is publicly available and might be used.
Published: 2026-03-27
Score: 8.7 High
EPSS: < 1% Very Low
KEV: No
Impact: Remote Code Execution
Action: Immediate Patch
AI Analysis

Impact

The vulnerability is a stack-based buffer overflow in the formQuickIndex function of the /goform/QuickIndex POST handler. By sending a specially crafted PPPOEPassword value, an attacker can overwrite return addresses on the stack and achieve arbitrary code execution on the device. The flaw is exploitable from the network without local access, and an exploit is publicly available.

Affected Systems

Tenda AC6 routers running firmware 15.03.05.16 are affected. No other firmware versions were listed as impacted. The fault exists in the POST request handling component for QuickIndex.

Risk and Exploitability

The CVSS score of 8.7 indicates high severity. The EPSS of less than 1% suggests the likelihood of exploitation is low but still non-zero, and the vulnerability is not yet in the CISA KEV database. The attack vector is remote over HTTP and requires access to the router’s web interface and knowledge of the PPPOEPassword parameter. Because an exploit is publicly available, any device without a patch could be compromised if the endpoint remains exposed.

Generated by OpenCVE AI on March 31, 2026 at 17:29 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the AC6 firmware to the latest version that addresses the buffer overflow.
  • If an update is not available, block or restrict external access to the /goform/QuickIndex endpoint using the router’s web ACL or an external firewall.
  • Monitor the router’s logs for abnormal POST requests targeting the QuickIndex form and investigate any suspicious activity.
  • Contact Tenda support for additional mitigation guidance if needed.

Advisories

No advisories yet.

History

Tue, 31 Mar 2026 16:30:00 +0000

Type | Values Removed | Values Added
Weaknesses | | CWE-787
CPEs | | cpe:2.3:h:tenda:ac6:1.0:*:*:*:*:*:*:*
 | | cpe:2.3:o:tenda:ac6_firmware:15.03.05.16:*:*:*:*:*:*:*

Mon, 30 Mar 2026 07:15:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Tenda ac6
Vendors & Products | | Tenda ac6

Sat, 28 Mar 2026 03:15:00 +0000

Type | Values Removed | Values Added
Description | A vulnerability was identified in Tenda AC6 15.03.05.16. Affected by this vulnerability is the function formQuickIndex of the file /goform/QuickIndex of the component POST Request Handler. The manipulation of the argument PPPOEPassword leads to stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit is publicly available and might be used. VulDB is the best source for vulnerability data and more expert information about this specific topic. | A vulnerability was identified in Tenda AC6 15.03.05.16. Affected by this vulnerability is the function formQuickIndex of the file /goform/QuickIndex of the component POST Request Handler. The manipulation of the argument PPPOEPassword leads to stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit is publicly available and might be used.

Fri, 27 Mar 2026 20:15:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Fri, 27 Mar 2026 16:45:00 +0000

Type | Values Removed | Values Added
Description | | A vulnerability was identified in Tenda AC6 15.03.05.16. Affected by this vulnerability is the function formQuickIndex of the file /goform/QuickIndex of the component POST Request Handler. The manipulation of the argument PPPOEPassword leads to stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit is publicly available and might be used. VulDB is the best source for vulnerability data and more expert information about this specific topic.
Title | | Tenda AC6 POST Request QuickIndex formQuickIndex stack-based overflow
First Time appeared | | Tenda
 | | Tenda ac6 Firmware
Weaknesses | | CWE-119
 | | CWE-121
CPEs | | cpe:2.3:o:tenda:ac6_firmware:*:*:*:*:*:*:*:*
Vendors & Products | | Tenda
 | | Tenda ac6 Firmware
References | |
Metrics | | cvssV2_0: {'score': 9, 'vector': 'AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR'}
 | | cvssV3_0: {'score': 8.8, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}
 | | cvssV3_1: {'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}
 | | cvssV4_0: {'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P'}


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-03-27T22:07:24.530Z

Reserved: 2026-03-27T08:10:32.435Z

Link: CVE-2026-4961

Vulnrichment

Updated: 2026-03-27T17:25:41.349Z

NVD

Status: Analyzed

Published: 2026-03-27T17:16:31.090

Modified: 2026-03-31T16:26:10.427

Link: CVE-2026-4961

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-31T20:01:06Z

Weaknesses