Tenda AC5 Stack-Based Buffer Overflow Vulnerability (CVE-2026-4903)
A stack-based buffer overflow vulnerability exists in Tenda AC5 version 15.03.06.47, allowing remote attackers to execute arbitrary code by manipulating the `PPPOEPassword` argument in the `formQuickIndex` function of the `/goform/QuickIndex` component.
CVE-2026-4903 describes a critical stack-based buffer overflow vulnerability affecting Tenda AC5 routers, specifically version 15.03.06.47. The vulnerability resides within the formQuickIndex function of the /goform/QuickIndex component, which handles POST requests. An attacker can remotely exploit this vulnerability by crafting a malicious POST request to /goform/QuickIndex with an overly long PPPOEPassword argument. This overflow allows the attacker to potentially overwrite adjacent…
Detection coverage 2
Detect Tenda AC5 PPPOEPassword Buffer Overflow Attempt
criticalDetects potential exploitation attempts of the Tenda AC5 buffer overflow vulnerability (CVE-2026-4903) based on suspicious HTTP POST requests to /goform/QuickIndex with an overly long PPPOEPassword parameter.
Detect Large POST Request to Tenda AC5 QuickIndex
highDetects unusually large POST requests to the /goform/QuickIndex endpoint, potentially indicating a buffer overflow attempt.
Detection queries are kept inside the platform. Get full rules →