CVE-2026-6016 | Tenda AC9 15.03.02.13 POST Request /goform/WizardHandle decodePwd WANS stack-based overflow

Inserito da Angelo Barbosa | Apr 9, 2026 | CVE

A vulnerability was found in Tenda AC9 15.03.02.13. It has been classified as critical. The affected element is the function decodePwd of the file /goform/WizardHandle of the component POST Request Handler. Performing a manipulation of the argument WANS results in stack-based buffer overflow.

This vulnerability is identified as CVE-2026-6016. The attack can be initiated remotely. Additionally, an exploit exists.

CVE-2026-6016 | Tenda AC9 15.03.02.13 POST Request /goform/WizardHandle decodePwd WANS stack-based overflow

Post correlati

CVE-2025-15567 | Vivo Health missing authentication

CVE-2025-7628 | YiJiuSmile kkFileViewOfficeEdit up to 5fbc57c48e8fe6c1b91e0e7995e2d59615f37abd /deleteFile fileName path traversal (Issue 15)

CVE-2025-8077 | SUSE neuvector up to 5.4.5 Authentication Token default password (GHSA-8pxw-9c75-6w56)

CVE-2025-7891 | InstantBits Web Video Cast App up to 5.12.4 on Android com.instantbits.cast.webvideo AndroidManifest.xml improper export of android application components