{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-4903", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2026-03-26T15:57:53.324Z", "datePublished": "2026-03-26T22:30:18.420Z", "dateUpdated": "2026-03-27T20:00:27.001Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-03-26T22:30:18.420Z"}, "title": "Tenda AC5 POST Request QuickIndex formQuickIndex memory corruption", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-121", "lang": "en", "description": "Stack-based Buffer Overflow"}]}, {"descriptions": [{"type": "CWE", "cweId": "CWE-119", "lang": "en", "description": "Memory Corruption"}]}], "affected": [{"vendor": "Tenda", "product": "AC5", "versions": [{"version": "15.03.06.47", "status": "affected"}], "cpes": ["cpe:2.3:o:tenda:ac5_firmware:*:*:*:*:*:*:*:*"], "modules": ["POST Request Handler"]}], "descriptions": [{"lang": "en", "value": "A flaw has been found in Tenda AC5 15.03.06.47. This vulnerability affects the function formQuickIndex of the file /goform/QuickIndex of the component POST Request Handler. This manipulation of the argument PPPOEPassword causes stack-based buffer overflow. The attack may be initiated remotely. The exploit has been published and may be used."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 8.7, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P", "baseSeverity": "HIGH"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R", "baseSeverity": "HIGH"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R", "baseSeverity": "HIGH"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 9, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR"}}], "timeline": [{"time": "2026-03-26T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2026-03-26T01:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2026-03-26T17:03:10.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "wxhwxhwxh_mie (VulDB User)", "type": "reporter"}], "references": [{"url": "https://vuldb.com/?id.353654", "name": "VDB-353654 | Tenda AC5 POST Request QuickIndex formQuickIndex memory corruption", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.353654", "name": "VDB-353654 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.777380", "name": "Submit #777380 | Tenda AC5 AC5 V1.0 V15.03.06.47 Buffer Overflow", "tags": ["third-party-advisory"]}, {"url": "https://lavender-bicycle-a5a.notion.site/Tenda_AC5_QuickIndex_PPPOEPassword-32053a41781f808dae98f99c99bcb21c?source=copy_link", "tags": ["exploit"]}, {"url": "https://www.tenda.com.cn/", "tags": ["product"]}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-27T14:10:53.824229Z", "id": "CVE-2026-4903", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-27T20:00:27.001Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-4903", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-03-27T14:10:53.824229Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-27T14:10:57.096Z"}}], "cna": {"title": "Tenda AC5 POST Request QuickIndex formQuickIndex memory corruption", "credits": [{"lang": "en", "type": "reporter", "value": "wxhwxhwxh_mie (VulDB User)"}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 8.7, "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 9, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR"}}], "affected": [{"cpes": ["cpe:2.3:o:tenda:ac5_firmware:*:*:*:*:*:*:*:*"], "vendor": "Tenda", "modules": ["POST Request Handler"], "product": "AC5", "versions": [{"status": "affected", "version": "15.03.06.47"}]}], "timeline": [{"lang": "en", "time": "2026-03-26T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2026-03-26T01:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2026-03-26T17:03:10.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/?id.353654", "name": "VDB-353654 | Tenda AC5 POST Request QuickIndex formQuickIndex memory corruption", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.353654", "name": "VDB-353654 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.777380", "name": "Submit #777380 | Tenda AC5 AC5 V1.0 V15.03.06.47 Buffer Overflow", "tags": ["third-party-advisory"]}, {"url": "https://lavender-bicycle-a5a.notion.site/Tenda_AC5_QuickIndex_PPPOEPassword-32053a41781f808dae98f99c99bcb21c?source=copy_link", "tags": ["exploit"]}, {"url": "https://www.tenda.com.cn/", "tags": ["product"]}], "descriptions": [{"lang": "en", "value": "A flaw has been found in Tenda AC5 15.03.06.47. This vulnerability affects the function formQuickIndex of the file /goform/QuickIndex of the component POST Request Handler. This manipulation of the argument PPPOEPassword causes stack-based buffer overflow. The attack may be initiated remotely. The exploit has been published and may be used."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-121", "description": "Stack-based Buffer Overflow"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-119", "description": "Memory Corruption"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-03-26T22:30:18.420Z"}}}, "cveMetadata": {"cveId": "CVE-2026-4903", "state": "PUBLISHED", "dateUpdated": "2026-03-27T20:00:27.001Z", "dateReserved": "2026-03-26T15:57:53.324Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2026-03-26T22:30:18.420Z", "assignerShortName": "VulDB"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:tenda:ac5_firmware:15.03.06.47:*:*:*:*:*:*:*", "matchCriteriaId": "2D94CA12-3FED-4730-B1B4-4F6AAA3AB17E", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:tenda:ac5:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "D141716B-56F0-4061-9D87-943B7858F2F4", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A flaw has been found in Tenda AC5 15.03.06.47. This vulnerability affects the function formQuickIndex of the file /goform/QuickIndex of the component POST Request Handler. This manipulation of the argument PPPOEPassword causes stack-based buffer overflow. The attack may be initiated remotely. The exploit has been published and may be used."}, {"lang": "es", "value": "Se ha encontrado una falla en Tenda AC5 15.03.06.47. Esta vulnerabilidad afecta a la funci\u00f3n formQuickIndex del archivo /goform/QuickIndex del componente Gestor de Solicitudes POST. Esta manipulaci\u00f3n del argumento PPPOEPassword causa un desbordamiento de b\u00fafer basado en pila. El ataque puede iniciarse de forma remota. El exploit ha sido publicado y puede ser utilizado."}], "id": "CVE-2026-4903", "lastModified": "2026-03-31T21:08:06.830", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "cna@vuldb.com", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "PROOF_OF_CONCEPT", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2026-03-26T23:16:21.307", "references": [{"source": "cna@vuldb.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://lavender-bicycle-a5a.notion.site/Tenda_AC5_QuickIndex_PPPOEPassword-32053a41781f808dae98f99c99bcb21c?source=copy_link"}, {"source": "cna@vuldb.com", "tags": ["Permissions Required", "VDB Entry"], "url": "https://vuldb.com/?ctiid.353654"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/?id.353654"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/?submit.777380"}, {"source": "cna@vuldb.com", "tags": ["Product"], "url": "https://www.tenda.com.cn/"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}, {"lang": "en", "value": "CWE-121"}], "source": "cna@vuldb.com", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "15.03.06.47"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "AC5", "source": "cna", "vendor": "Tenda"}, "product": "ac5", "vendor": "tenda"}], "analysis": {"en": {"generated_at": "2026-04-01T07:08:41.623919+00:00", "value": {"mitigation_remediation": ["Apply the vendor\u2019s firmware update that addresses the buffer overflow.", "If a firmware update is not immediately available, block external access to the /goform/QuickIndex endpoint or disable the QuickIndex feature via the router\u2019s configuration interface.", "Add a network firewall rule to allow the router\u2019s web interface only from known management IPs.", "Monitor router logs for unexpected POST requests to /goform/QuickIndex and investigate anomalies."], "summary": {"action": "Immediate Patch", "impact": "Remote Exploitation"}, "threat_synthesis": {"affected_systems": "The vulnerability affects Tenda AC5 units running firmware version 15.03.06.47 and potentially other AC5 releases indicated by the provided CPE entries. Devices that expose the QuickIndex POST handler to external traffic without authentication are susceptible; exact version coverage is known only for 15.03.06.47, while other builds may be impacted as well.", "description_and_impact": "Tenda AC5 routers exhibit a stack\u2011based buffer overflow in the formQuickIndex handler of the /goform/QuickIndex POST request. By sending a specially crafted PPPOEPassword value, an attacker can overflow the buffer. The CVE description notes that the flaw has an existing exploit and can be triggered remotely; the overflow may enable arbitrary code execution or compromise the router\u2019s firmware, an inference drawn from the nature of stack overflows but not explicitly stated in the CVE data.", "risk_and_exploitability": "The CVSS score of 8.7 classifies this flaw as high severity, and the EPSS score of less than 1% suggests a currently low probability of exploitation. The vulnerability is not listed in the CISA KEV catalog. Because the exploit is publicly available and requires no special credentials, the impact to confidentiality and integrity of the router is significant, potentially allowing a remote attacker to gain control of the device."}}}}, "created": "2026-03-27T08:31:31.983778+00:00", "updated": "2026-04-02T07:56:08.477071+00:00", "vendors": ["tenda", "tenda$PRODUCT$ac5"]}