Is Stack Overflow affected by EUVD-2026-16476?

Tenda AC5 routers running firmware 15.03.06.47 are vulnerable to remote code execution through an authenticated stack-based buffer overflow, allowing low-privilege users to completely compromise device integrity and network security.

EUVD-2026-16476

| CVE-2026-4905 HIGH

2026-03-26 VulDB

7.4

CVSS 4.0

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Lifecycle Timeline

PoC Detected

Mar 31, 2026 - 20:59 vuln.today

Public exploit code

Analysis Generated

Mar 26, 2026 - 23:31 vuln.today

EUVD ID Assigned

Mar 26, 2026 - 23:31 euvd

EUVD-2026-16476

CVE Published

Mar 26, 2026 - 23:11 nvd

HIGH 7.4

Description

A vulnerability was found in Tenda AC5 15.03.06.47. Impacted is the function formWifiWpsOOB of the file /goform/WifiWpsOOB of the component POST Request Handler. Performing a manipulation of the argument index results in stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been made public and could be used.

Analysis

Remote authenticated attackers can execute arbitrary code on Tenda AC5 routers (firmware version 15.03.06.47) by exploiting a stack-based buffer overflow in the WPS configuration handler. The vulnerability resides in the formWifiWpsOOB function handling POST requests to /goform/WifiWpsOOB, where insufficient validation of the 'index' parameter allows memory corruption. …

Remediation

Within 24 hours: Identify all Tenda AC5 devices running firmware 15.03.06.47 in your network inventory and document their location and business criticality. Within 7 days: Restrict administrative and WPS configuration access to trusted networks only using firewall rules; disable WPS functionality if not operationally required; isolate affected routers to a monitored VLAN with egress filtering. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.0

CVSS: +37

POC: +20

EUVD-2026-16476 vulnerability details – vuln.today

Back

EUVD-2026-16476

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Remediation

Analysis

Full analysis requires sign-in

Priority Score

Share

EUVD-2026-16476

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Remediation

Full analysis requires sign-in

Priority Score

Share

External POC / Exploit Code