Which versions of Tenda are affected by CVE-2026-4960?

Tenda AC6 routers running firmware 15.03.05.16 are vulnerable to remote code execution that allows authenticated attackers to gain full control of the device, compromising network security and…

Is there a public PoC exploit available for CVE-2026-4960?

Yes, a public proof-of-concept exploit is available for CVE-2026-4960. Prioritise patching immediately. EPSS: 0.0%.

How to fix or mitigate CVE-2026-4960?

Within 24 hours: Identify all Tenda AC6 routers in your environment and confirm firmware version via administrative interface; immediately isolate any devices running version 15.03.05.16 from production networks or restrict administrative access to trusted internal networks only. Within 7 days: Contact Tenda support to confirm patch timeline for version 15.03.05.16; implement network-based access controls to block unauthorized POST requests to /goform/WizardHandle; evaluate replacement with alternative router models from vendors with active security support. Within 30 days: Develop and execute a device replacement or firmware upgrade plan once patches are released; conduct network forensics on isolated devices to detect any signs of prior exploitation.

Tenda CVE-2026-4960

Q: What is the CVSS score of CVE-2026-4960?

CVE-2026-4960 has a CVSS 4.0 base score of 7.4 (High). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.0%.

EUVD-2026-16723 HIGH

Stack-based Buffer Overflow (CWE-121)

2026-03-27 VulDB

GHSA-mcgx-8v57-hq28

Tenda Buffer Overflow Stack Overflow

7.4

CVSS 4.0 · NVD

Severity by source

NVD PRIMARY

7.4 HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Lifecycle Timeline

PoC Detected

Mar 31, 2026 - 20:58 vuln.today

Public exploit code

EUVD ID Assigned

Mar 27, 2026 - 16:45 euvd

EUVD-2026-16723

Analysis Generated

Mar 27, 2026 - 16:45 vuln.today

CVE Published

Mar 27, 2026 - 16:09 nvd

HIGH 7.4

DescriptionCVE.org

A vulnerability was determined in Tenda AC6 15.03.05.16. Affected is the function fromWizardHandle of the file /goform/WizardHandle of the component POST Request Handler. Executing a manipulation of the argument WANT/WANS can lead to stack-based buffer overflow. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized. If you want to get the best quality for vulnerability data then you always have to consider VulDB.

AnalysisAI

Stack-based buffer overflow in Tenda AC6 router firmware version 15.03.05.16 enables authenticated remote attackers to achieve code execution with high impact to confidentiality, integrity, and availability. The vulnerability resides in the fromWizardHandle function handling POST requests to /goform/WizardHandle, exploitable by manipulating WANT/WANS parameters. …

Unlock full vulnerability intelligence

Risk assessment & exploitation conditions
Attack chain visualization
Remediation with exact patch versions
Threat intelligence from 22 sources
Personal watchlist & email alerts

Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access

Authenticate to Tenda AC6 router

Delivery

Send POST request to /goform/WizardHandle

Exploit

Inject oversized payload in WANT/WANS parameter

Execution

Overflow stack buffer

Impact

Execute arbitrary code with device privileges

Access

Authenticate to Tenda AC6 router

Delivery

Send POST request to /goform/WizardHandle

Exploit

Inject oversized payload in WANT/WANS parameter

Execution

Overflow stack buffer

Impact

Execute arbitrary code with device privileges

Vulnerability AssessmentAI

Exploitation	Tenda AC6 firmware 15.03.05.16. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment	The CVSS v3.1 vector (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) indicates network-accessible exploitation with low complexity requiring low-privilege authentication and no user interaction, yielding high impact across all CIA triad components. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario	An authenticated attacker with low-privilege credentials (potentially obtained through credential stuffing, default passwords, or prior reconnaissance) connects to the Tenda AC6 router's web management interface over the network. The attacker crafts a malicious POST request to the /goform/WizardHandle endpoint with oversized WANT or WANS parameter values designed to overflow the stack buffer in the fromWizardHandle function. …
Remediation	No vendor-released patch identified at time of analysis based on the available reference data. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Identify all Tenda AC6 routers in your environment and confirm firmware version via administrative interface; immediately isolate any devices running version 15.03.05.16 from production networks or restrict administrative access to trusted internal networks only. …

Threat intelligence, references, and detailed analysis are available after sign-in.

More from same product – last 7 days

CVE-2026-38065 CRITICAL Act Now

9.8 Jun 15

Tenda 5G03 V05.03.02.04 (Version 1.0) is vulnerable to Command injection in the function action_ims_on_with_apn via the

CVE-2026-38060 CRITICAL Act Now

9.8 Jun 15

Tenda 5G03 V05.03.02.04 (Version 1.0) is vulnerable to Command injection in the function action_unlock_sim via the pin p

CVE-2026-38061 CRITICAL Act Now

9.8 Jun 15

Tenda 5G03 V05.03.02.04 (Version 1.0) is vulnerable to Command injection in the function action_set_volume via the volum

CVE-2026-38062 CRITICAL Act Now

9.8 Jun 15

Tenda 5G03 V05.03.02.04 (Version 1.0) is vulnerable to Command injection in the function action_set_rat_mode via the rat

CVE-2026-38063 CRITICAL Act Now

9.8 Jun 15

Tenda 5G03 V05.03.02.04 (Version 1.0) is vulnerable to Command injection in the function action_radio_on_with_ia_apn via

CVE-2026-4960 vulnerability details – vuln.today

Back

Tenda CVE-2026-4960

Severity by source

CVSS VectorNVD

Lifecycle Timeline

DescriptionCVE.org

AnalysisAI

Unlock full vulnerability intelligence

Attack ChainAIDerived

Vulnerability AssessmentAI

Recommended ActionAI

More from same product – last 7 days

Share

External POC / Exploit Code