Security Advisory

CVE-2026-4906

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-03-27 00:53:09

Last updated 2026-03-30 11:56:56

Assigner VulDB

State PUBLISHED

Description

A vulnerability was determined in Tenda AC5 15.03.06.47. The affected element is the function decodePwd of the file /goform/WizardHandle of the component POST Request Handler. Executing a manipulation of the argument WANT/WANS can lead to stack-based buffer overflow. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized.

← Browse all CVEs View on cve.org ↗