Tenda AC5 Stack-Based Buffer Overflow Vulnerability
A stack-based buffer overflow vulnerability (CVE-2026-4905) exists in Tenda AC5 firmware version 15.03.06.47 allowing remote attackers to execute arbitrary code by manipulating the 'index' argument in a POST request to the /goform/WifiWpsOOB endpoint.
A stack-based buffer overflow vulnerability, identified as CVE-2026-4905, has been discovered in Tenda AC5 home routers running firmware version 15.03.06.47. The vulnerability resides within the formWifiWpsOOB function in the /goform/WifiWpsOOB file, which handles POST requests. Attackers can remotely exploit this flaw by crafting a malicious POST request to this endpoint, specifically targeting the index argument. Successful exploitation leads to arbitrary code execution on the device…
Detection coverage 2
Tenda AC5 WifiWpsOOB Buffer Overflow Attempt
highDetects suspicious HTTP POST requests to the WifiWpsOOB endpoint with an excessively long index parameter, indicating a potential buffer overflow attempt (CVE-2026-4905).
Tenda AC5 WifiWpsOOB POST Request Anomaly
mediumDetects abnormal POST requests to the Tenda AC5 WifiWpsOOB endpoint based on content length
Detection queries are kept inside the platform. Get full rules →