CVE-2026-4906 | Tenda AC5 15.03.06.47 POST Request /goform/WizardHandle decodePwd WANT/WANS stack-based overflow

Inserito da Angelo Barbosa | Mar 26, 2026 | CVE

A vulnerability, which was classified as critical, was found in Tenda AC5 15.03.06.47. The affected element is the function decodePwd of the file /goform/WizardHandle of the component POST Request Handler. Executing a manipulation of the argument WANT/WANS can lead to stack-based buffer overflow.

This vulnerability is handled as CVE-2026-4906. The attack can be executed remotely. Additionally, an exploit exists.

CVE-2026-4906 | Tenda AC5 15.03.06.47 POST Request /goform/WizardHandle decodePwd WANT/WANS stack-based overflow

Post correlati

CVE-2024-42213 | HCL BigFix Compliance 2.0.12 Temporary File test code (KB0120961)

CVE-2024-38776 | Martin Gibson WP GoToWebinar Plugin up to 15.7 on WordPress cross-site request forgery

CVE-2024-47777 | GStreamer up to 1.24.9 gstwavparse.c gst_wavparse_smpl_chunk out-of-bounds (GHSL-2024-259)

CVE-2025-20910 | Samsung Devices Galaxy Watch Gallery default permission