Buffer Overflow Vulnerability in Tenda AC5 Router
CVE-2026-4905
Key Information:
Badges
What is CVE-2026-4905?
A critical security flaw exists in the Tenda AC5 router due to a stack-based buffer overflow in the 'formWifiWpsOOB' function. This vulnerability is triggered by manipulating specific arguments in the POST Request Handler. If exploited, attackers could execute arbitrary code remotely. As the details of this exploit have been publicly released, it poses a significant threat to users of the Tenda AC5 router. Immediate action is advised to protect devices from potential unauthorized access.
Affected Version(s)
AC5 15.03.06.47
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
CVSS V4
Timeline
- ๐ก
Public PoC available
- ๐พ
Exploit known to exist
Vulnerability published
Vulnerability Reserved