EUVD-2026-16476CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
4Description
A vulnerability was found in Tenda AC5 15.03.06.47. Impacted is the function formWifiWpsOOB of the file /goform/WifiWpsOOB of the component POST Request Handler. Performing a manipulation of the argument index results in stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been made public and could be used.
Analysis
Remote authenticated attackers can execute arbitrary code on Tenda AC5 routers (firmware version 15.03.06.47) by exploiting a stack-based buffer overflow in the WPS configuration handler. The vulnerability resides in the formWifiWpsOOB function handling POST requests to /goform/WifiWpsOOB, where insufficient validation of the 'index' parameter allows memory corruption. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 24 hours: Identify all Tenda AC5 devices running firmware 15.03.06.47 in your network inventory and document their location and business criticality. Within 7 days: Restrict administrative and WPS configuration access to trusted networks only using firewall rules; disable WPS functionality if not operationally required; isolate affected routers to a monitored VLAN with egress filtering. …
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today