CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
A vulnerability was found in Tenda AC6 15.03.05.16. Affected is the function fromWizardHandle of the file /goform/WizardHandle of the component POST Request Handler. Manipulating the argument WANT/WANS can lead to a stack-based buffer overflow. The attack can be executed remotely. The exploit has been publicly disclosed and may be used.
Analysis
Stack-based buffer overflow in Tenda AC6 router firmware version 15.03.05.16 enables authenticated remote attackers to achieve code execution with high impact to confidentiality, integrity, and availability. The vulnerability resides in the fromWizardHandle function handling POST requests to /goform/WizardHandle, exploitable by manipulating WANT/WANS parameters. …
Remediation
Within 24 hours: Identify all Tenda AC6 routers in your environment and confirm firmware version via administrative interface; immediately isolate any devices running version 15.03.05.16 from production networks or restrict administrative access to trusted internal networks only.
Within 7 days: Contact Tenda support to confirm patch timeline for version 15.03.05.16; implement network-based access controls to block unauthorized POST requests to /goform/WizardHandle; evaluate replacement with alternative router models from vendors with active security support. …
EUVD-2026-16723
GHSA-mcgx-8v57-hq28